sharepoint2010 session 1

Upload: chitrakarthik

Post on 05-Apr-2018


  • 7/31/2019 Sharepoint2010 Session 1


    SHARE POINT 2010


    7/12/12

    Copyright Trinay Technology Solutions, 39 Buckland St, #5321 Manchester, CT 06042 www.trinay.com 570-575-0475.

    Agenda

    - SharePoint Top Level Architecture
    - Server Architecture Object Model Overview
    - Server Architecture Object Model Overview Definitions
    - Site Architecture Object Model Overview
    - Site Architecture Object Model Overview Definitions
    - Authentication & Authorization
    - Authentication Types
    - Claims Based Authentication
    - Authorization - High Level Architecture
    - Authorization - User Tokens and Access Control Lists


    Top Level Architecture


    Server Architecture: Object Model Overview


    Server Architecture: Object Model Overview - Definitions

    The SPFarm object is the highest object within the SharePoint Foundation object model hierarchy. The Servers property gets a collection representing all the servers in the deployment, and the Services property gets a collection representing all the services.

    Each SPServer object represents a


    Server Architecture: Object Model Overview - Definitions

    Each instance of a service, or a CFSI, that is running on a specific server is represented by an SPServiceInstance object.

    An SPDatabaseServiceInstance object represents a single instance of a database service running on the database server computer. The SPDatabaseServiceInstance class


    Site Architecture Object Model Overview


    Site Architecture Object Model Overview - Definitions

    Each SPSite object, despite its singular name, represents a set of logically related SPWeb objects (see below). Such a set is commonly called a "site collection," but SPSite is not a standard Microsoft .NET collection class, in contrast to SPWebCollection. Rather, it has members that can be used to manage the site collection. The AllWebs property provides access to the SPWebCollection object that represents the collection of all Web sites within the site collection, including the top-level site. The SPSite.OpenWeb method of the SPSite class returns a specific Web site.

    Each site collection includes any number of SPWeb objects, and each object has members that can be used to manage a site, including its template and theme, as well as to access files and folders on the site. The Webs property returns an SPWebCollection object that represents all the subsites of a


    Authentication & Authorization

    Authentication is the process of validating a user's identity. An authentication method is a specific exchange of account credentials and other attributes that assert that identity.

    SharePoint Foundation does not implement its own system for authentication or identity management, but instead relies solely on external systems, whether Windows authentication or non-Windows authentication.

    Authorization refers to the process by which SharePoint Foundation provides security for Web sites, lists, folders, or items by determining which users can perform specific actions on a given object. The authorization process assumes that the user has already been authenticated.


    Authentication Types

    SharePoint Foundation supports the following types of authentication:

    Windows: All Microsoft Internet Information Services (IIS) and Windows authentication integration options, including Basic, Digest, Certificates, Windows NT LAN Manager (NTLM), and Kerberos. Windows authentication allows IIS to perform the authentication for SharePoint Foundation.

    ASP.NET Forms: A non-Windows identity management system that uses the pluggable Microsoft ASP.NET forms-based authentication system. This mode enables SharePoint Foundation to work with a variety of identity management systems, including externally defined groups or roles such as Lightweight Directory Access Protocol (LDAP) and light-weight database identity management systems. Forms authentication allows ASP.NET to perform the authentication for SharePoint Foundation, often involving a redirect to a log-on page. In SharePoint Foundation, ASP.NET forms are supported only under claims authentication. A forms provider must be registered within a Web application that is configured for claims
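To see which of the authentication types listed above each web application actually uses, a farm administrator can read the settings from the object model. The following is an added example, not part of the original slides; it assumes the SharePoint 2010 Management Shell (PowerShell 2.0) on a farm server, and the function name Get-WebAppAuthReport is made up for illustration.

```powershell
# Added example, not from the slides. Run in the SharePoint 2010 Management
# Shell on a farm server with farm administrator rights (PowerShell 2.0 syntax).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# One row per web application zone, with the authentication settings recorded
# for that zone and a note for settings that deserve review.
function Get-WebAppAuthReport {
    foreach ($wa in Get-SPWebApplication) {
        foreach ($pair in $wa.IisSettings.GetEnumerator()) {
            $zone  = $pair.Key      # SPUrlZone: Default, Intranet, Internet, ...
            $iis   = $pair.Value    # SPIisSettings for that zone
            $url   = $wa.GetResponseUri($zone)
            $notes = @()
            # Basic sends the password base64-encoded, so it needs TLS.
            if ($iis.UseBasicAuthentication -and $url.Scheme -ne 'https') {
                $notes += 'Basic authentication without HTTPS'
            }
            if ($iis.AllowAnonymous) {
                $notes += 'Anonymous access enabled'
            }
            New-Object PSObject -Property @{
                WebApplication = $wa.Name
                Zone           = $zone
                Url            = $url.AbsoluteUri
                ClaimsMode     = $wa.UseClaimsAuthentication
                WindowsAuth    = $iis.UseWindowsIntegratedAuthentication
                Kerberos       = ($iis.UseWindowsIntegratedAuthentication -and
                                  -not $iis.DisableKerberos)
                BasicAuth      = $iis.UseBasicAuthentication
                FormsAuth      = $iis.UseFormsClaimsAuthenticationProvider
                TrustedIdP     = $iis.UseTrustedClaimsAuthenticationProvider
                Anonymous      = $iis.AllowAnonymous
                Notes          = ($notes -join '; ')
            }
        }
    }
}

Get-WebAppAuthReport |
    Select-Object WebApplication, Zone, Url, ClaimsMode, WindowsAuth, Kerberos,
                  BasicAuth, FormsAuth, TrustedIdP, Anonymous, Notes |
    Format-List
```

For claims-mode zones, Get-SPAuthenticationProvider -WebApplication <url> -Zone <zone> lists the registered providers in more detail.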


    Authentication - Claims Based Authentication

    Claims-based identity is based on the user obtaining a security token that is digitally signed by a commonly trusted identity provider and contains a set of claims. Each claim represents a specific item of data about the user such as his or her name, group memberships, and role on the network. Claims-based authentication is user authentication that utilizes claims-based identity technologies and infrastructure. Applications that support claims-based authentication obtain the security token from the user and use the information within the claims to determine access to resources. No separate query to a directory service like AD DS is needed.

    Claims-based authentication in Windows is built on Windows Identity Foundation (WIF), which is a set of .NET Framework classes that is used to implement claims-based identity. Claims-based authentication relies on standards such as WS-Federation, WS-Trust, and protocols such as SAML


    Authentication - Claims Based Authentication


    Authorization - High Level Architecture


    Authorization - User Tokens and Access Control Lists

    To make checking permissions faster, SharePoint Foundation implements user tokens and ACLs in its security model. The user token identifies the authentication process applied to a user. A Windows user has a complex token: a unique string for the user (SID) and a list of all the Windows domain groups for the user, for example, DOMAIN\Department 15688. A user who does not have Windows authentication may have a very simple token with a unique string for the user name, or a complex token with group/role membership just as expressed in Windows authentication. SharePoint group membership for each user is expressed through a user token so that, by reading the user token, SharePoint Foundation identifies all groups for the current user.

    An ACL is a binary object that determines the rights that users and groups have on a given object. An ACL consists of multiple ACEs, each security principal (user or group) being one ACE in the ACL. Rights, role definitions, and role assignments are structured into an ACL for each scope, so that SharePoint Foundation knows what each user or group is allowed to do within the given scope.
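The role assignments behind each scope can be read back through the site object model described earlier (SPSite, AllWebs, SPWeb). The following is an added example, not part of the original slides, that lists every web and list in a site collection that has its own role assignments, one row per principal. The function names and the URL are placeholders, and it assumes the SharePoint 2010 Management Shell with site collection administrator rights.

```powershell
# Added example, not from the slides. Run in the SharePoint 2010 Management
# Shell on a farm server (PowerShell 2.0 syntax); names here are illustrative.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Emit one row per role assignment on a securable object (SPWeb or SPList):
# the principal plus the role definitions bound to it in that scope.
function Get-ScopeAce($Securable, [string]$Scope) {
    foreach ($ra in $Securable.RoleAssignments) {
        $roles = @($ra.RoleDefinitionBindings | ForEach-Object { $_.Name })
        New-Object PSObject -Property @{
            Scope     = $Scope
            Principal = $ra.Member.LoginName
            IsGroup   = ($ra.Member -is [Microsoft.SharePoint.SPGroup])
            Roles     = ($roles -join '; ')
        }
    }
}

# Walk SPSite -> AllWebs -> Lists and report every scope that does not
# inherit its permissions from its parent.
function Get-UniqueScopeReport([string]$SiteUrl) {
    $site = Get-SPSite -Identity $SiteUrl
    try {
        foreach ($web in $site.AllWebs) {
            try {
                # The top-level site always has its own role assignments.
                if ($web.HasUniqueRoleAssignments) {
                    Get-ScopeAce $web ("Web: " + $web.Url)
                }
                foreach ($list in $web.Lists) {
                    if ($list.HasUniqueRoleAssignments) {
                        Get-ScopeAce $list ("List: " + $web.Url + " / " + $list.Title)
                    }
                }
            } finally {
                $web.Dispose()   # SPWeb objects obtained from AllWebs must be disposed
            }
        }
    } finally {
        $site.Dispose()
    }
}

# Usage (placeholder URL):
# Get-UniqueScopeReport 'http://sharepoint.example.local/sites/team' |
#     Select-Object Scope, Principal, IsGroup, Roles | Format-Table -AutoSize
```

Scopes that break inheritance are where access tends to drift from what the parent site grants, so this list is a practical starting point for a permissions review.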


    Questions