Developing Microsoft SharePoint Server 2010 Solutions with Claims Authentication

Presentation Transcript

SESSION CODE: OSP306

Developing Microsoft SharePoint Server 2010 Solutions with Claims Authentication

Paul Schaeflein, MCT

Manager of Advanced Technologies

LaSalle Consulting Partners, Inc.

Agenda
  • Claims-Based Identity
  • Claims-Based Authorization
  • Claims Provider
  • Anonymous Access
  • Trusted Identity Providers
Claims-Based Identity Primer: Introduction
  • What is Identity?

A set of attributes to describe a user.

  • What is a Claim?

Information such as name, e-mail, age, group membership, etc.

Claims-Based Identity Primer: Introduction (continued)
  • What is Authentication (AuthN)?

The process of verifying a user’s identity.

  • What is Authorization (AuthZ)?

Determines which sites, content, and other features the user can access.

Claims-Based Identity Primer: User Identity is a Set of Claims
  • Why do we say “claim” and not “attribute?”
    • Facebook & the Dept. of State have the age attribute
    • Facebook can claim 29 yrs, while State claims 46 yrs.
    • In order to make authorization decisions with age, your app needs to decide which “claim” you will trust.
  • Trust depends on scenario not on technical capability
Claims is more than Federation
  • Federation between organizations was the original driver
  • Over time, claims turned out to be useful for more than just Federation
  • Real Benefit: Cleanly factoring out the Identity Provider from the application is invaluable
    • SharePoint is Identity Provider neutral
  • Multi-auth web applications
Identity Normalization

(Diagram) Every incoming identity is normalized to a SAML token, which becomes the claims-based identity behind the SPUser:
  • Anonymous User
  • NT Token: Windows Identity
  • SAML Token: LiveID, ADFS, Others
  • ASP.NET (FBA): SQL, LDAP, Custom …

All four paths produce a SAML Token, which yields a Claims-Based Identity, which is surfaced as the SPUser.

Claims-Based Identity (DEMO)
  • Claims Viewer Web Part
  • Multi-Auth web application

Claims Viewer Web Part

// Requires the WIF assembly: using Microsoft.IdentityModel.Claims;
// Page.User is an IClaimsPrincipal only on a claims-mode web application.
IClaimsPrincipal claimsPrincipal = Page.User as IClaimsPrincipal;
if (claimsPrincipal == null) return;   // classic-mode (Windows) authentication: nothing to show
IClaimsIdentity claimsIdentity = (IClaimsIdentity)claimsPrincipal.Identity;
// Bind every claim in the token (ClaimType, Value, ValueType, Issuer ...) to the grid.
GridView1.DataSource = claimsIdentity.Claims;
GridView1.DataBind();

Claims-Based Authorization
  • Available to securable objects through the People Picker
  • Access Claims via IClaimsIdentity interface
    • Claims property contains all claims
  • Conditionally Display information
    • based on presence of claim
    • based on value of claim
Claims-Based Authorization (DEMO)
  • Select claim in People Picker
  • Conditional information display

Conditional Information Display

// using Microsoft.IdentityModel.Claims; using System.Linq;
// CLAIM_TYPE is the claim type URI this web part keys on (a constant defined elsewhere in the web part).
IClaimsPrincipal claimsPrincipal = Page.User as IClaimsPrincipal;
IClaimsIdentity claimsIdentity = (IClaimsIdentity)claimsPrincipal.Identity;
string pmClaim = (from c in claimsIdentity.Claims
                  where c.ClaimType == CLAIM_TYPE
                  select c.Value).FirstOrDefault();
// FirstOrDefault() returns null when the claim is absent and bool.Parse(null) throws,
// so an absent or malformed claim is treated as "not authorized" (fail closed).
bool authorized;
if (pmClaim == null || !bool.TryParse(pmClaim, out authorized))
    authorized = false;

Custom SharePoint Claims Provider
  • Two roles
    • Claims Augmentation
    • Claims Picker
    • !! Not authentication !! (Use WIF classes for AuthN)
  • Usage Scenarios
    • List, Resolve and Search
    • AllUsers claim
    • Adding Claims to original token (claims augmentation)
    • Identity not from original token (map to internal identity)
Claims Provider: Claims Augmentation
  • Enables an application to augment additional claims into the user’s token
  • Implemented as a Claims Provider class
    • FillClaimsForEntity called by framework
      • Microsoft.SharePoint.Administration.Claims.SPClaimProvider
    • Register in Feature Event Receiver
      • Microsoft.SharePoint.Administration.Claims.SPClaimProviderFeatureReceiver
  • MSDN Article by Steve Peschka: http://msdn.microsoft.com/en-us/library/ff699494.aspx
Claims Provider: Claims Picker
  • Provides Listing, Resolve, Search and Friendly display of claims in the People Picker
  • Implemented as a Claims Provider class
    • FillHierarchy, FillResolve, FillSearch called by framework
      • Microsoft.SharePoint.Administration.Claims.SPClaimProvider
    • Register in Feature Event Receiver
      • Microsoft.SharePoint.Administration.Claims.SPClaimProviderFeatureReceiver
  • Claim Type and Values must match!
Custom Claims Provider (DEMO)
  • Augment claims based on database values
  • Resolve Claims in People Picker

FillClaimsForEntity() method
  • Parameters
    • Context (URI)
    • Current user (userid claim)
    • Empty list to contain new claims
  • Called once per session
    • Token is passed as cookie once issued
CreateClaim() Parameters
  • claimType (Type: String) – The type of claim. Examples of claim types include first name, role and email address. The claim type provides context for the claim value, and it is usually expressed as a Uniform Resource Identifier (URI). For example, the e-mail address claim type is represented as http://schemas.microsoft.com/ws/2008/06/identity/claims/email.
  • value (Type: String) – The value of the claim. For example, if the claim type is role, a value might be contributor, and if the claim type is first name, a value might be Matt.
  • valueType (Type: String) – The type of value in the claim. These are all URIs that refer to a string.
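The augmentation and CreateClaim() pieces from the last three slides combined into one augmentation-only provider, added here as an example rather than the session's demo code. The class name, the claim type URI and the logon-name table are assumptions; the table stands in for the database lookup, and the picker callbacks stay empty because the provider reports that it does not support them.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.SharePoint.Administration.Claims;
using Microsoft.SharePoint.WebControls;

// Hypothetical augmentation-only provider (not the session's code).
public class ProjectRoleClaimProvider : SPClaimProvider
{
    // One shared constant for the claim type: the augmented claim, the People Picker
    // entry and the web part's CLAIM_TYPE must all use this exact URI (types must match).
    public const string ProjectManagerClaimType =
        "http://schemas.example.com/2010/claims/projectmanager";   // assumed URI
    private const string StringValueType = "http://www.w3.org/2001/XMLSchema#string";
    // Constructed sample data: logon name -> is this user a project manager?
    private static readonly Dictionary<string, bool> ProjectManagers =
        new Dictionary<string, bool>(StringComparer.OrdinalIgnoreCase)
        {
            { "contoso\\paul", true },
            { "contoso\\matt", false }
        };

    public ProjectRoleClaimProvider(string displayName) : base(displayName) { }
    public override string Name { get { return "ProjectRoleClaimProvider"; } }
    public override bool SupportsEntityInformation { get { return true; } }   // enables augmentation
    public override bool SupportsHierarchy { get { return false; } }
    public override bool SupportsResolve { get { return false; } }
    public override bool SupportsSearch { get { return false; } }

    // Called once per session with the user's identity claim (entity); claims added to
    // 'claims' are written into the token that is then carried in the session cookie.
    protected override void FillClaimsForEntity(Uri context, SPClaim entity, List<SPClaim> claims)
    {
        if (entity == null || string.IsNullOrEmpty(entity.Value)) return;
        bool isProjectManager;
        if (!ProjectManagers.TryGetValue(entity.Value, out isProjectManager))
            isProjectManager = false;   // unknown user: an explicit "false", never a missing claim
        claims.Add(CreateClaim(ProjectManagerClaimType,
                               isProjectManager ? "true" : "false", StringValueType));
    }

    protected override void FillClaimTypes(List<string> claimTypes) { claimTypes.Add(ProjectManagerClaimType); }
    protected override void FillClaimValueTypes(List<string> claimValueTypes) { claimValueTypes.Add(StringValueType); }
    protected override void FillEntityTypes(List<string> entityTypes) { entityTypes.Add(SPClaimEntityTypes.FormsRole); }
    protected override void FillSchema(SPProviderSchema schema) { }
    // Picker callbacks are never invoked because the Supports* properties above return false.
    protected override void FillHierarchy(Uri context, string[] entityTypes, string hierarchyNodeID, int numberOfLevels, SPProviderHierarchyTree hierarchy) { }
    protected override void FillResolve(Uri context, string[] entityTypes, SPClaim resolveInput, List<PickerEntity> resolved) { }
    protected override void FillResolve(Uri context, string[] entityTypes, string resolveInput, List<PickerEntity> resolved) { }
    protected override void FillSearch(Uri context, string[] entityTypes, string searchPattern, string hierarchyNodeID, int maxCount, SPProviderHierarchyTree searchTree) { }
}
```

Because the claim is emitted for every user as "true" or "false", the conditional display web part never sees an absent claim and can key purely on the value.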
Establishing Anonymous Access
  • Web Application
    • Manage web application
      • Authentication Providers
        • Edit Zone
          • Allow Anonymous

# Enable anonymous access on one zone of the web application, then push the change to every web front end
$wa = Get-SPWebApplication http://cba.sharepointdevelopers.net
$zone = [Microsoft.SharePoint.Administration.SPUrlZone]::Custom
$i = $wa.IisSettings[$zone]
$i.AllowAnonymous = $true
$wa.Update()
$wa.ProvisionGlobally()

Establishing Anonymous Access
  • Site (SPWeb)
    • Site Actions -> Site Permission
      • Anonymous Access
        • Nothing [AnonymousState.Disabled]
        • Entire site [AnonymousState.On]
        • Lists and Libraries [AnonymousState.Enabled]

# Turn anonymous access on for the entire site; Enabled would limit it to lists and libraries
$w = Get-SPWeb http://www.sharepointdevelopers.net/blogs
$w.AnonymousState = [Microsoft.SharePoint.SPWeb+AnonymousState]::On
$w.Update()

Establishing Anonymous Access
  • List
    • List Settings
      • Anonymous Access

# Grant anonymous users a permission mask on one list (takes effect only when the site's AnonymousState allows it)
$w = Get-SPWeb http://www.sharepointdevelopers.net/blogs/paul
$l = $w.Lists["Comments"]
$l.AnonymousPermMask64 = {BasePermissions as appropriate}
$l.Update()
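A read-only check of the same three levels (zone AllowAnonymous, SPWeb.AnonymousState, list AnonymousPermMask64) through the server object model, added here as an example and not part of the session. The class name is assumed; it must run on a farm server under an account with object-model access.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Administration;

// Hypothetical audit helper: one finding per place anonymous access is switched on.
public static class AnonymousAccessAudit
{
    public static List<string> Report()
    {
        var findings = new List<string>();
        foreach (SPWebApplication wa in SPWebService.ContentService.WebApplications)
        {
            // Level 1: zone setting (what $i.AllowAnonymous = $true toggles)
            foreach (KeyValuePair<SPUrlZone, SPIisSettings> zone in wa.IisSettings)
                if (zone.Value.AllowAnonymous)
                    findings.Add(string.Format("{0} zone {1}: AllowAnonymous", wa.DisplayName, zone.Key));

            foreach (SPSite site in wa.Sites)
            using (site)
            foreach (SPWeb web in site.AllWebs)
            using (web)
            {
                // Level 2: site setting ($w.AnonymousState); Disabled means nothing below matters
                if (web.AnonymousState == SPWeb.AnonymousState.Disabled) continue;
                findings.Add(string.Format("{0}: AnonymousState={1}", web.Url, web.AnonymousState));

                // Level 3: per-list masks ($l.AnonymousPermMask64)
                foreach (SPList list in web.Lists)
                    if (list.AnonymousPermMask64 != SPBasePermissions.EmptyMask)
                        findings.Add(string.Format("{0}/{1}: {2}", web.Url, list.Title, list.AnonymousPermMask64));
            }
        }
        return findings;
    }
}
```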

Trusted Identity Providers
  • Active Directory Federation Services (ADFS)
    • Previously known as “Geneva server”
  • Windows Live ID
  • Open ID
ADFS 2.0
  • Separate Download
    • http://www.microsoft.com/adfs2
  • Identity across organizational boundaries
  • Attribute stores
    • Active Directory
    • Others
Windows Live ID
  • Extract X509 Cert from metadata
  • Set Return URL to _trust/default.aspx
  • Watch TechNet for further information
Open ID
  • Must be “Translated” into SAML Claims
    • WIF code
    • Pioneering work
      • Matias Woloski
        • http://blogs.southworks.net/mwoloski/2009/07/14/openid-ws-fed-protocol-transition-sts/
      • Travis Nielsen
        • https://blogs.pointbridge.com/Blogs/nielsen_travis/Pages/Post.aspx?_ID=34
  • Many OpenID Providers
    • http://openid.net/get-an-openid/
Track Resources
  • For More Information – http://sharepoint.microsoft.com
  • SharePoint Developer Center – http://msdn.microsoft.com/sharepoint
  • SharePoint Tech Center – http://technet.microsoft.com/sharepoint
  • Official SharePoint Team Blog – http://blogs.msdn.com/sharepoint
Related Content
  • Breakout Sessions – See Conference Guide for full list of OSP Track Sessions
  • Interactive Sessions – OSP Track has 10 Interactive Sessions – OSP01-INT – OSP10-INT
  • Hands-on Labs – OSP01-HOL – OSP20-HOL
  • Product Demo Stations – Yellow Section, OSP
    • Office 2010, SharePoint 2010, Project Server 2010, Visio 2010 have kiosks and demos
Resources

Learning
  • Sessions On-Demand & Community – www.microsoft.com/teched
  • Microsoft Certification & Training Resources – www.microsoft.com/learning
  • Resources for IT Professionals – http://microsoft.com/technet
  • Resources for Developers – http://microsoft.com/msdn
© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.