5/13/2018 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Working with OAuth in SharePoint 2013
Eric Shupps, SharePoint Server MVP
About Me
Eric Shupps, The SharePoint Cowboy
- CKS:DEV
- Patterns & Practices
- facebook.com/sharepointcowboy
- slideshare.net/eshupps
- @eshupps
Agenda
- Introduction
- Fundamentals
- Implementation
- Application
Introduction
What is OAuth?
- An open standard for app integration and authorization
- Authentication independent: OAuth decides what an app may do, not who the user is
- The "valet key" model: the app receives a limited-scope token instead of the owner's credentials
- Access permissions: what the token allows is declared up front and granted explicitly
What OAuth is NOT
- Authentication. An access token proves that an app is allowed to call a resource; it does not by itself establish the identity of the person behind the request. Identity comes from the claims the STS issues, not from the OAuth exchange.
Why do we need it?
- Simplify credential management
- Minimize vulnerabilities
- Increase user control over application activities
- Define explicit trust relationships
- Expand interoperability
- Decrease API complexity
Security
- OAuth 1.0a was designed for use over plain HTTP: every request carries a signature computed with a shared secret, so the transport did not have to be trusted. OAuth 2.0, which SharePoint 2013 implements, replaces per-request signatures with bearer tokens (JWTs) and therefore requires HTTPS; a bearer token captured on the wire is as good as the credential it stands for. SharePoint enforces this and only accepts OAuth over HTTP when the farm's AllowOAuthOverHttp setting is turned on, which belongs in development environments only.
- Building blocks: digital signatures, identifiers, tokens and secrets
Risks
- Man in the middle: tokens or secrets captured on an unencrypted or mis-validated hop
- Private keys: the high-trust signing certificate or the app's client secret leaking
- Session fixation: an attacker starts an authorization and tricks the victim into completing it, so the victim's approval lands on the attacker's token
- Covert redirect: an open redirector on a trusted redirect URI forwards the authorization response, and the token with it, to an attacker
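The covert redirect risk from the list above, modelled on a toy authorization endpoint. This is an added example, not code from the deck or from SharePoint: the client registration, host names and token values are constructed, and the "open redirector" is a stand-in for any page on the client's host that forwards the browser to a caller-supplied URL. It shows why the authorization server must compare redirect_uri by exact string match (RFC 6749 section 3.1.2) rather than by host.

```python
# Added example, not from the original deck: the "covert redirect" risk modelled on a
# toy authorization endpoint. A client registers one redirect URI; a loose (host-only)
# comparison lets any path on that host through, including an open redirector, which
# then forwards the browser, and the token in the URL fragment, to an attacker.
# All hosts, IDs and tokens below are constructed for illustration.
from urllib.parse import urlsplit, parse_qs

# Constructed client registration: one exact redirect URI per client.
REGISTERED_REDIRECTS = {
    "app-client-id": ["https://app.example.com/oauth/callback"],
}


def redirect_allowed_loosely(client_id, redirect_uri):
    """Weak check: only the host must match a registered URI (vulnerable)."""
    host = urlsplit(redirect_uri).netloc
    return any(urlsplit(r).netloc == host
               for r in REGISTERED_REDIRECTS.get(client_id, []))


def redirect_allowed_strictly(client_id, redirect_uri):
    """Strict check: the full redirect_uri must equal a registered value."""
    return redirect_uri in REGISTERED_REDIRECTS.get(client_id, [])


def follow_open_redirector(url):
    """Model the client app's open redirector: /redirect?next=<url> sends the
    browser on to <url>. Browsers carry a URL fragment across such redirects,
    so a token placed in the fragment travels with it."""
    parts = urlsplit(url)
    if parts.path == "/redirect":
        nxt = parse_qs(parts.query).get("next")
        if nxt:
            return nxt[0]
    return url


def authorize(client_id, redirect_uri, checker):
    """Toy authorization endpoint (implicit grant): returns the URL the browser
    finally lands on with the token in the fragment, or None if refused."""
    if not checker(client_id, redirect_uri):
        return None
    return follow_open_redirector(redirect_uri) + "#access_token=constructed-token"


# The attacker's authorization link: a registered host, but an open-redirector path.
ATTACK_URI = "https://app.example.com/redirect?next=https://attacker.example/collect"
```

With the loose check the token ends up at attacker.example; with the strict check the request is refused before any token is issued. SharePoint apps get the same protection from the app's registered redirect URI and from the fact that the context token is bound to the app's client ID and host in its aud claim.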
Fundamentals
Roles
- Resource Owner: grants access to a protected resource
- Resource Server: hosts the protected resource and accepts access requests
- Client: the application making protected resource requests on behalf of the resource owner
- Authorization Server: issues access tokens
Flow
1. Client -> Resource Owner: authorization request
2. Resource Owner -> Client: authorization grant
3. Client -> Authorization Server: authorization grant
4. Authorization Server -> Client: access token
5. Client -> Resource Server: access token
6. Resource Server -> Client: protected resource
Three Legged Authorization (User, App, Provider)
Leg 1
- User requests access
- App requests a Request Token from the Provider
- Provider returns the Request Token
- App builds the authorization link with the Request Token
Leg 2
- User requests the authorization URL + Request Token
- Provider returns an Access Token
Leg 3
- User requests the URL + Access Token
- App validates the Access Token
- Access Token validated
- User granted access
Two Legged Authorization (User, App, Provider)
Leg 1
- User requests access
- App requests an Access Token from the Provider
- Provider returns the Access Token
- App builds the link with the Access Token
Leg 2
- User requests the URL + Access Token
- App validates the Access Token
- Access Token validated
- User granted access
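The three-legged and two-legged sequences above, run end to end against an in-memory provider. This is an added example and not code from the deck or from SharePoint: the Provider class, the app IDs and secrets, the authorization URL and the opaque token format are all constructed. It makes three properties of the three-legged flow concrete that the slide only implies: a request token is bound to the app that asked for it, it is useless until the resource owner approves it, and it can be exchanged only once. The two-legged path issues an access token that carries the app identity alone.

```python
# Added example, not from the original deck: an in-memory "Provider" that walks the
# three-legged steps (request token -> resource owner approves -> access token ->
# app presents it) and the two-legged variant in which the app obtains an access
# token on its own credentials with no user in the loop. App IDs, secrets, URLs
# and the opaque token format are constructed for illustration.
import hmac
import secrets
import time


class Provider:
    def __init__(self):
        self.apps = {}             # app_id -> app_secret
        self.request_tokens = {}   # request token -> {"app": app_id, "user": approver or None}
        self.access_tokens = {}    # access token -> {"app": app_id, "user": user or None, "exp": ts}

    def register_app(self, app_id, app_secret):
        self.apps[app_id] = app_secret

    def _authenticate_app(self, app_id, app_secret):
        real = self.apps.get(app_id)
        return real is not None and hmac.compare_digest(real, app_secret)

    # Leg 1: the app asks for a request token using its own credentials.
    def issue_request_token(self, app_id, app_secret):
        if not self._authenticate_app(app_id, app_secret):
            raise PermissionError("unknown app or bad secret")
        tok = secrets.token_urlsafe(16)
        self.request_tokens[tok] = {"app": app_id, "user": None}
        return tok

    def auth_link(self, request_token):
        return "https://provider.example/authorize?request_token=" + request_token

    # Leg 2: the resource owner approves the request token at the provider.
    def user_authorizes(self, user, request_token):
        entry = self.request_tokens.get(request_token)
        if entry is None:
            raise PermissionError("unknown request token")
        entry["user"] = user

    # Leg 3: the app exchanges an approved request token for an access token.
    # The request token is single-use and bound to the app that requested it.
    def exchange(self, app_id, app_secret, request_token, ttl=3600):
        if not self._authenticate_app(app_id, app_secret):
            raise PermissionError("unknown app or bad secret")
        entry = self.request_tokens.pop(request_token, None)
        if entry is None or entry["app"] != app_id or entry["user"] is None:
            raise PermissionError("request token unknown, unapproved, or issued to another app")
        return self._issue_access(app_id, entry["user"], ttl)

    # Two-legged: no resource owner; the token carries only the app identity.
    def app_only_token(self, app_id, app_secret, ttl=3600):
        if not self._authenticate_app(app_id, app_secret):
            raise PermissionError("unknown app or bad secret")
        return self._issue_access(app_id, None, ttl)

    def _issue_access(self, app_id, user, ttl):
        tok = secrets.token_urlsafe(24)
        self.access_tokens[tok] = {"app": app_id, "user": user, "exp": time.time() + ttl}
        return tok

    # Resource-server side: what "App validates access token" amounts to.
    def validate(self, access_token, now=None):
        entry = self.access_tokens.get(access_token)
        if entry is None or (now if now is not None else time.time()) >= entry["exp"]:
            return None
        return entry


def three_legged_demo():
    """Run the three legs end to end; returns (provider, request_token, access_token)."""
    p = Provider()
    p.register_app("app1", "constructed-secret")
    rt = p.issue_request_token("app1", "constructed-secret")
    p.auth_link(rt)                      # the link the app sends the user to
    p.user_authorizes("alice", rt)       # the user approves at the provider
    at = p.exchange("app1", "constructed-secret", rt)
    return p, rt, at
```

The validate method returns the app and, for the three-legged case, the approving user; an app-only token validates with no user, which is the distinction between "on behalf of a user" and "as the app" that the SharePoint app model exposes as user+app versus app-only permission requests.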
Implementation
Overview
- Provides integration without multiple logins
- Enables server-to-server operations on behalf of users
- Establishes trust relationships between diverse components
- Supports the App Model
Security Token Service: Concepts
- Identity Provider: manages identity information for principals
- Security Token Service (STS): handles requests for trusted identity claims
- Identity Token Issuer: the identity provider associated with a web application
- Security Token Issuer: a trusted resource (farm, server, etc.)
- Metadata Endpoint: resource information and signing certificate (JSON)
- Request Token: used to request permission to a protected resource
- Access Token: used by the app to access a resource on behalf of the user
- Realm: the operation scope for authorization
- Azure ACS: cloud-based security token service (IP-STS)
Scenarios
- Farm to Farm
- Server to Server
- Apps (.NET, HTML, PHP)
Platforms
On Premise
- High Trust: Farm to Farm (S2S), Server to Server, Apps
- Low Trust: Apps (ACS)
Online
- Low Trust: Apps (ACS)
Demo: SharePoint App Authorization Process
Application
Context
On Premise
1. User browses to the App
2. SP returns parameters
3. Browser POSTs the parameters to the App
4. App requests an access token from SP
5. SP validates the S2S trust
6. App establishes context
Online
1. User browses to the App
2. SP gets a request token from ACS
3. SP sends the request token to the browser
4. Browser POSTs the request token to the App
5. App requests an access token from ACS
6. ACS provides the access token
7. App establishes context
Demo: Establishing Context for SharePoint Apps
Token Management
On Premise
1. Get request parameters
2. Get POST parameters from SP
3. Get claims from the Windows identity
4. Get an access token with S2S
5. Establish client context
Online
1. Get request parameters
2. Parse out the context token
3. Read and validate the context token
4. Get an access token
5. Get client context from SP with the access token
Request (Context) Token
The context token is the JWT that SharePoint obtains from ACS and that the browser POSTs to the app. Its claims as shown on the slide, with the slide's callouts; values the slide did not show are marked "…":

{
  "aud": "2ae1caa2-a…b8f5-9da45655b8f4…",        Client ID / App URL @ Tenant ID
  "iss": …,                                        Azure ACS Tenant ID (ACS principal ID @ realm)
  "nbf": …,                                        Start
  "exp": …,                                        End
  "appctxsender": …,                               SharePoint Tenant ID (SharePoint principal ID @ realm)
  "appctx": "{\"CacheKey\":\"082e7cPwbER/1hDi2XQ9knd0+yBxexLQr4NGa2/OeQ8=\",\"SecurityTokenServiceUri\":\"…\"}",
                                                   CacheKey = User ID + Issuer + App + Realm; SecurityTokenServiceUri = IP-STS URL
  "refreshtoken": "IAAAAL-NR6oQnFU49avbpq7mAhglyGqBvmT3YF8_DGO88fIAIXioxAllnYe0XHr-rb_RDk8X8iqc4gmcyBjpV8E-uVgRG9d6j-IvQQ8qtk2acNXaJ3JpuFKNRhAJoOGOep1i3XGi5jX3Z1u5MzyjmHv2VBGJFEhYtc99TGlZTDIFTqlJmDcxcMAjLZWnY5sMBr-B5IRvl5Cw6l2hvqolj3R2hJ9mPDpVQ4l0l-v28wK6OLi57wPpKAUWlbcRCxmC6oGggdkkF2OEoxujZvZSCCG05YQaS2Z1w_Gphgu5kcYfwVU27bAYfsq3TcA8W0sIt_lUxvD3Lg3mGLr_X5JoTw-t28g",
                                                   Token sent to the IP-STS (Azure ACS) to obtain an access token
  "isbrowserhostedapp": "true"                     Browser or event receiver
}

Note that appctx is a JSON string nested inside the JSON claims and has to be parsed a second time, and that the refresh token is a credential: whoever holds it can ask ACS for an access token for that user and app.
Access Token
Header:
{ "typ": "JWT", "alg": "RS256", "x5t": "kriMPdmBvx68skT8-mPAB3BseeA" }
Claims, as shown on the slide, with the slide's callouts (values the slide did not show are marked "…"):
{
  "aud": "…ff1-ce…",                               SharePoint Host Web @ Tenant ID
  "nbf": …,                                        Start
  "exp": …,                                        End
  "nameid": "…ad02d6",                             UPN
  "identityprovider": "urn:federation:microsoftonline"   STS ID
}
Further callouts on the slide: Azure ACS Tenant ID (the issuer) and Tenant ID.
Unlike the context token, the access token is signed with RS256; x5t is the thumbprint of the ACS signing certificate, which the app obtains from the metadata endpoint and must use to verify the signature before trusting any claim.
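How the two tokens above are handled in code: the context (request) token is verified and unpacked the way an app's TokenHelper.ReadAndValidateContextToken does, and the access token is decoded for inspection. This is an added example, not code from the deck or from the SharePoint TokenHelper. ACS signs the context token with HMAC-SHA256 keyed by the app's client secret, which is why the app can verify it with that secret alone; the client ID, secret, realm, app host, cache key and refresh-token value below are constructed, while the ACS and SharePoint principal IDs are the well-known ones. The RS256 access token is only decoded, because verifying it needs the ACS signing certificate named by x5t, which the standard library cannot do.

```python
# Added example, not from the original deck: build and validate a SharePoint-style
# context token (HS256 over the app's client secret, as ACS issues it) and decode an
# RS256 access token for inspection. Client ID, secret, realm, app host and token
# values are constructed; ACS_ID and SP_ID are the well-known principal IDs.
import base64
import hashlib
import hmac
import json
import time


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def decode_jwt_unverified(token: str):
    """Split header.claims.signature and decode the JSON parts. Inspection only:
    nothing here proves the token is genuine."""
    h, c, _sig = token.split(".")
    return json.loads(b64url_decode(h)), json.loads(b64url_decode(c))


def sign_hs256(claims: dict, secret: str) -> str:
    """Produce a compact JWT signed like an ACS context token (HS256, client secret)."""
    header = {"typ": "JWT", "alg": "HS256"}
    signing_input = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(claims).encode())
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def validate_context_token(token, client_id, app_host, realm, client_secret, now=None):
    """Verify the HS256 signature, then aud (client id/app host@realm), the issuer
    realm and the nbf/exp window. Returns (refresh_token, cache_key, sts_uri) and
    raises ValueError on any failure; these are the checks TokenHelper performs."""
    h, c, s = token.split(".")
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg for a context token")
    expected = hmac.new(client_secret.encode(), (h + "." + c).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(c))
    if claims.get("aud", "").lower() != f"{client_id}/{app_host}@{realm}".lower():
        raise ValueError("audience mismatch")
    if not claims.get("iss", "").lower().endswith("@" + realm.lower()):
        raise ValueError("issuer realm mismatch")
    now = int(time.time()) if now is None else now
    if not (int(claims["nbf"]) <= now < int(claims["exp"])):
        raise ValueError("token not yet valid or expired")
    appctx = json.loads(claims["appctx"])   # appctx is a JSON string inside the JSON
    return claims["refreshtoken"], appctx["CacheKey"], appctx["SecurityTokenServiceUri"]


def access_token_claims(token):
    """Decode an ACS-issued RS256 access token for debugging. Returns (x5t, claims).
    Never act on these claims without verifying the signature with the x5t certificate."""
    header, claims = decode_jwt_unverified(token)
    if header.get("alg") != "RS256":
        raise ValueError("expected an RS256 access token")
    return header["x5t"], claims


CLIENT_ID = "11111111-2222-3333-4444-555555555555"        # constructed
CLIENT_SECRET = "constructed-client-secret"               # constructed
REALM = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"            # constructed tenant id
APP_HOST = "app.example.com"                              # constructed app URL host
ACS_ID = "00000001-0000-0000-c000-000000000000"           # well-known Azure ACS principal
SP_ID = "00000003-0000-0ff1-ce00-000000000000"            # well-known SharePoint principal
NOW = 1400000000                                          # fixed clock for the example


def make_context_token(now=NOW, secret=CLIENT_SECRET, app_host=APP_HOST):
    """Construct a context token with the claim layout shown on the slide."""
    claims = {
        "aud": f"{CLIENT_ID}/{app_host}@{REALM}",
        "iss": f"{ACS_ID}@{REALM}",
        "nbf": str(now),
        "exp": str(now + 43200),
        "appctxsender": f"{SP_ID}@{REALM}",
        "appctx": json.dumps({"CacheKey": "constructed-cache-key",
                              "SecurityTokenServiceUri": "https://accounts.accesscontrol.windows.net/tokens/OAuth/2"}),
        "refreshtoken": "constructed-refresh-token",
        "isbrowserhostedapp": "true",
    }
    return sign_hs256(claims, secret)
```

The audience check is what stops a context token issued for one app (or one host of the same app) from being replayed against another: aud binds client ID, host and realm together. The signature check comes first on purpose, so that a forged token cannot steer the code path through the claim checks.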
Demo: Decoding Authorization Tokens
Debugging
- On-premise vs. Online
- Scope
- Persistence
- Context
- Permissions
Demo: Debugging the Authorization Process
More Information
- OAuth Working Group
- OAuth Resource Guide
- Authorization and authentication for apps in SharePoint 2013
- Setting up an OAuth trust between farms in SharePoint 2013
- Plan for server-to-server authentication in SharePoint 2013
- What's new in authentication for SharePoint 2013
- Creating High-Trust apps with S2S
- Using O365 to Authorize On-Premise Apps
dev.office.com: one stop shop for the Office Developer Platform
Calls to action
- Explore our MSDN Library
- Play with our code samples
- Follow our Patterns & Practices
- Get answers
- Give feedback
- Drive our roadmap
aka.ms/OfficeAMS: Patterns and Practices
Providing App Model patterns for common Full Trust Code scenarios (30+ Visual Studio projects). Common scenarios:
- Branding
- Site provisioning
- Remote event receivers
- Large file support
- Taxonomy-driven navigation
- And much more…
Contribute: open source coming soon!
Related content – Breakouts
- OFC-B254 Integrating Yammer and Microsoft SharePoint Using .NET. Monday, May 12, 1:15 PM - 2:30 PM, Room 350D
- DEV-B230 Most Commonly Asked for On-Premises Customizations Reimagined as Applications for SharePoint. Monday, May 12, 3:00 PM - 4:15 PM, Room 350D
- DEV-B319 Get Started Developing Applications for Microsoft Office and SharePoint Server. Monday, May 12, 4:45 PM - 6:00 PM, Room 332A
- DEV-B231 Office Power Hour: New Developer APIs and Features for Applications for Office. Tuesday, May 13, 8:30 AM - 9:45 AM, Room 381A
- DEV-B227 Anyone Can Build a SharePoint Application with Microsoft Access. Tuesday, May 13, 8:30 AM - 9:45 AM, Room 332A
- OFC-B274 Implementing Microsoft SharePoint 2013 Hybrid for Search, Business Connectivity Services, Microsoft OneDrive for Business and Yammer. Tuesday, May 13, 1:30 PM - 2:45 PM, Room 360A
- DEV-B232 Creating Cloud Hosted Line-of-Business Applications with Apps for Office, Microsoft Office 365, Microsoft Azure, and Windows Phone 8. Wednesday, May 14, 8:30 AM - 9:45 AM, Room 340
- OFC-B311 A Practical Use of External Data Sources. Wednesday, May 14, 8:30 AM - 9:45 AM, Room 360A
- DEV-B357 Developing Office 365 Cloud Business Applications. Wednesday, May 14, 5:00 PM - 6:15 PM, Room Hilton L2 Ballrm C
- DEV-B387 Deep Dive into Mail Compose Applications APIs. Wednesday, May 14, 5:00 PM - 6:15 PM, Room 352D
- DEV-B386 Setting Up Your On-Premises Environment for App Development. Thursday, May 15, 10:15 AM - 11:30 AM, Room 320A
- DEV-B228 Build Connected Productivity Apps for SharePoint and Office. Thursday, May 15, 10:15 AM - 11:30 AM, Room Hilton L2 Ballrm C
- DEV-B390 SharePoint Power Hour: New Developer APIs and Features for Apps for SharePoint. Thursday, May 15, 1:00 PM - 2:15 PM, Room 360A
- DEV-B389 Who Are You and What Do You Want? Working with OAuth in Microsoft SharePoint. Thursday, May 15, 2:45 PM - 4:00 PM, Room 310A
Related content – Labs
- DEV-H207 Developing Applications for Microsoft SharePoint 2013 with Visual Studio 2013
- OFC-H308 Building Task Pane Applications for Microsoft Office 2013
- OFC-H309 Building Visual Studio-Based Workflows in Microsoft SharePoint 2013
- OFC-H310 Building Windows 8 Applications with Microsoft SharePoint 2013
- OFC-H311 Business Connectivity Services (BCS) for Microsoft SharePoint 2013
Related content – Exam Prep
- EXM04 Exam Prep: and MCSE: SharePoint (Microsoft SharePoint Server 2013). Tuesday, May 13, 8:30 AM - 9:45 AM, Room Hilton L2 Ballrm F
Resources
- Sessions on Demand: http://channel9.msdn.com/Events/TechEd
- Learning: Microsoft Certification & Training Resources
- TechNet: Resources for IT Professionals
- msdn: Resources for Developers
Complete an evaluation and enter to win!
Evaluate this session: scan the QR code to evaluate this session.