Authentication methods SharePoint Web Application Windows integrated Membership & Role Providers Web SSO Access control Roles protected Anonymous.

Presentation transcript:

7 [Diagram labels] Authentication methods; SharePoint Web Application; Windows integrated; Membership & Role Providers; Web SSO; Access control; Roles protected; Anonymous access; Windows Identity; SharePoint Service Applications; Content Database; Trusted sub-systems; Client; WIF; Claims protected; WIF – SPSTS; Claims-aware; SP-STS; Services Application Framework; Windows; ASP.Net (FBA); Claims Based Identity; SAML Web SSO

10 [Diagram labels] “Externalizing Authentication”; “Identity normalization”; “Support existing identity infrastructure”; Authentication methods; SharePoint Web Application; Access control; Search Services Application; Content Database; Client; Services Application Framework; SP-STS; WIF; WIF – SPSTS; IClaimsPrincipal; IPrincipal

11 [Diagram labels] “Identity normalization”; “Externalizing Authentication”; “Support existing identity infrastructure”; Authentication methods; SharePoint Web Application; Access control; Search Services Application; Content Database; Client; Services Application Framework; SP-STS; WIF; WIF – SPSTS; IClaimsPrincipal; IPrincipal. Repeated labels: “Externalizing Authentication”; SharePoint Web Application; SP-STS; WIF – SPSTS

12 [Diagram labels] NT Token; Windows Identity; ASP.Net (FBA); SQL, LDAP, Custom …; SAML Token; Claims Based Identity; SPUser; SAML1.1+; ADFS, etc.

13 [Diagram labels] SharePoint-STS; trust; SharePoint Web Application; Frank Miller; Fabrikam Enterprise; Farm-A; Windows claims. Steps: 1. Attempt access; 2. Redirect to STS for auth; 2.1 Authenticate user; 2.2 Augment claims; 3. Post Token {SP-Token}; 3.1 Extract Claims and construct IClaimsPrincipal

14 [Diagram labels] Session Authentication Module; Browser Client; IIS; ASP.NET; numbered steps 1 to 7; 8. Cookie

15 demo

17 [Diagram labels] “Identity normalization”; “Externalizing Authentication”; “Support existing identity infrastructure”; Authentication methods; SharePoint Web Application; Access control; Search Services Application; Content Database; Client; Services Application Framework; SP-STS; WIF; WIF – SPSTS; IClaimsPrincipal; IPrincipal. Repeated labels: “Identity normalization”; SharePoint Web Application; Access control; Search Services Application; WIF

19 [Diagram labels] WCF (Windows Communication Foundation); WIF (Windows Identity Foundation); .NET; SharePoint Services Application Framework (Claims/Services); WSTrust Support

20 [Diagram labels] Web App to Service; Fabrikam Enterprise; Farm-A; SharePoint-STS; Web Part; Search Services Application; WS-Trust Proxy Client; WS-Trust Endpoints; Gate Keeper; trust; steps 5, 6; T1 {User}; T2 {User, Process}

21 [Diagram labels] Farm-A to Farm-B; Web App to Service; Fabrikam Enterprise; FARM-B; SharePoint-STS; Web Part; Search Services Application; WS-Trust Proxy Client; WS-Trust Endpoints; Gate Keeper; trust; steps 5, 6. Repeated labels: SharePoint-STS; WS-Trust Endpoints; trust

22 demo

23 [Diagram labels] “Identity normalization”; “Externalizing Authentication”; “Support existing identity infrastructure”; Authentication methods; SharePoint Web Application; Access control; Search Services Application; Content Database; Client; Services Application Framework; SP-STS; WIF; WIF – SPSTS; IClaimsPrincipal; IPrincipal. Repeated labels: “Support existing identity infrastructure”; SharePoint Services Application; Content Database; WIF; IPrincipal

25 demo

26 [Diagram labels] “Externalizing Authentication”; “Identity normalization”; “Support existing identity infrastructure”; Authentication methods; SharePoint Web Application; Access control; Search Services Application; Content Database; Client; Services Application Framework; SP-STS; WIF; WIF – SPSTS; IClaimsPrincipal; IPrincipal

28 Migrating to claims-based model – where to start: It is not an “ALL or Nothing” deal. Claims-enable in phases: authentication, authorization, services.

29 Performance: Performance Milestone drove changes in WIF. Optimizations made to achieve the perf goal: number of claims; number of service calls per page; number of round trips to SP-STS per service request; caching (ChannelFactory and tokens).

30 Edge cases & assumptions: cookie size limitation; existing code had many assumptions about identity, and each had to be uncovered and mapped. Client integration: consider the client types to be supported; SP 2010 had Browser, Active, and Designer tool clients; both passive and active endpoints were implemented on the SharePoint STS.

34 Built by Developers for Developers….

35 © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
