2014-04-05 - spsphilly - authentication and authorization
DESCRIPTION
In today’s complex marketplace of corporate partnerships and relationships, sharing information is pertinent to ensuring that business operations are conducted in a secure computing environment with trusted entities being provided access to protected information. In this session, Dan will discuss the basics of authentication and authorization in relation to the SharePoint platform. Further, we will be discussing the technical underpinnings of the SharePoint platform’s processing of a user’s identity dependent on identity provider and authorization settings. As a part of this session we will demonstrate different authentication and authorization configurations that are commonplace in today’s business settings, including when to use:
• Integrated Windows Authentication
• Forms Based Authentication using SQL Server
• ADFS as a Trusted Identity Provider
• Threat Management Gateway with Kerberos (Constrained Delegation using client certs)
After attending this session, attendees will have a better grasp of the configuration complexities involved with each scenario as well as the user experience impacts based on the path taken.
TRANSCRIPT
SPS Philly
SharePoint User Group
• SharePoint
• End Users
• Administrators
• Architects
• Developers
• IT Pros
• Meetings: 2nd Tuesday of the month, Microsoft Malvern, 5:30-8 pm
WEB: www.TriStateSharePoint.org
EMAIL: [email protected]
TWITTER: @tristateSP
http://www.yammer.com/spyam
http://go.spdan.com/kerberos2010
http://go.spdan.com/kerberos2013
http://go.spdan.com/multihopwinrm
http://xkcd.com/1240/
Security in General
Anonymous
Authentication
Is In Site Group?
Does user have claim attribute?
Web Application / Site Collection
Secured Site / Site Collection / Content
Content Repository
Content
Source: http://go.spdan.com/iisauth
ASP.NET Authentication
http://go.spdan.com/cba
http://go.spdan.com/claimsencoding
1. Resource Requested
2. AuthN Request / Redirect
3. AuthN Request
4. Security Token
5. Security Token Request
6. Service Token
7. Resource Request w/Service Token
8. Resource Sent
Identity Provider Security Token Service
aka IP-STS
SharePoint 2010 aka RP
https://sts.domain.com
@binarybrewery
www.sharepointdan.com