SharePoint 2013 supported authentication types and methods

SharePoint 2013 supports three authentication types:
1. Windows authentication
2. Forms-based authentication
3. SAML token-based authentication
Windows authentication

The Windows authentication type takes advantage of your existing Windows authentication provider (AD DS) and the authentication protocols that a Windows domain environment uses to validate the credentials of connecting clients. The Windows authentication methods, which are available in both claims-based authentication and classic mode, are the following:
1. Anonymous
   a) Lets users find and read resources in the public areas of a website.
   b) They don't have to provide any credentials to do so. Anonymous access is an explicit per-zone setting; leave it off unless the site really publishes public content.

2. Basic
   a) Requires the user to have a Windows account.
   b) The credentials aren't encrypted: the browser sends the user name and password Base64-encoded in the Authorization header of every request, which is as good as clear text to anyone on the network path. Always use SSL (HTTPS) with Basic authentication.
   c) Therefore Basic authentication isn't recommended on any connection that isn't secured with SSL.

3. Digest
   a) Works much like Basic authentication (a challenge from the server, credentials sent back in the Authorization header) but offers a much higher level of security.
   b) The password itself is never sent. The client sends an MD5 hash of the credentials combined with a nonce from the server, so the user name and password can't be read off the wire.
   c) The user must supply valid credentials for a domain account, because the server has to verify the hash against the password the domain controller holds for that account.

4. Certificates
   a) The client and server exchange public key certificates instead of a password.
   b) SSL is used. The certificates are issued by a Certificate Authority and have to fit into your Public Key Infrastructure (the server must trust the issuing CA).
   c) This is enabled by selecting Windows authentication for the web application in Central Administration.
   d) Once SSL is enabled, the configured certificate can be obtained from the Certificate Authority and bound to the site in IIS.

5. NTLM
   a) Required for any network that receives authentication requests from client computers that don't support Kerberos authentication.
   b) NTLM is a challenge/response protocol: the password is never transmitted, the client proves it knows the password by answering the server's challenge. It provides no mutual authentication, so the client cannot tell whether it is talking to the genuine server.
   c) Windows NT Server, Windows Server 2003 in a workgroup, and Active Directory (when Kerberos isn't available) use NTLM authentication.
   d) It may be the default and need to be disabled if you don't want to use it.

6. Negotiate
   a) With Negotiate the client chooses either Kerberos or NTLM. Kerberos is the default whenever it is possible.
   b) For Kerberos, a Service Principal Name (SPN) must be registered for the account that runs the web application, and the client presents the User Principal Name of the user when it requests a ticket for that SPN from the domain controller.
   c) When that information can't be provided (no SPN for the service, no reachable domain controller, a client that isn't domain-joined), NTLM is used for authentication instead.
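The following is an added example, not code from the original post, showing how the methods above are switched on for a claims-mode web application: Negotiate with the Kerberos SPN registered so it doesn't silently fall back to NTLM, anonymous access kept off, and Basic only on an SSL-bound site. The host name, application pool name and service account are assumed placeholders.

```powershell
# Added example, not code from the original post: create a claims-mode web application
# that uses Windows authentication. Host names, account names and the application pool
# name are assumed placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$hostName    = "portal.contoso.com"          # assumed public host name
$poolAccount = "CONTOSO\sp_portal_pool"      # assumed managed account for the app pool

# Negotiate: clients use Kerberos when they can get a ticket for the HTTP SPN, and fall
# back to NTLM otherwise. Omit -DisableKerberos unless you deliberately want NTLM only.
# -UseBasicAuthentication is left out: Basic sends the password Base64-encoded in every
# request, so add it only on an SSL web application and only for clients that need it.
$windows = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication

$wa = New-SPWebApplication -Name "Contoso Portal" `
        -Url "https://$hostName" -Port 443 -SecureSocketsLayer -HostHeader $hostName `
        -ApplicationPool "ContosoPortalPool" `
        -ApplicationPoolAccount (Get-SPManagedAccount $poolAccount) `
        -AuthenticationProvider $windows
# After this, bind a server certificate issued by your CA to the new IIS site on each
# web front end; -SecureSocketsLayer only tells SharePoint that the site is HTTPS.

# Anonymous access is a per-zone switch. It is already off because the provider was
# created without -AllowAnonymous; this makes the setting explicit.
$zone = [Microsoft.SharePoint.Administration.SPUrlZone]::Default
$wa.IisSettings[$zone].AllowAnonymous = $false
$wa.Update()

# Kerberos needs an HTTP SPN for the host name on the app-pool account. Run once as a
# domain admin; without it Negotiate downgrades to NTLM for every user.
setspn -S "HTTP/$hostName" $poolAccount

# Check what the zone actually accepts before handing out the URL.
$wa.IisSettings[$zone] |
    Select-Object AuthenticationMode, DisableKerberos, UseBasicAuthentication, AllowAnonymous
```

The final Select-Object is the check worth keeping: DisableKerberos should be False, UseBasicAuthentication False unless you enabled it on purpose, and AllowAnonymous False unless the site is meant to be public.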
Forms-based authentication

Forms-based authentication is a claims-based identity management system that is based on ASP.NET membership and role provider authentication. Forms-based authentication can be used against credentials that are stored in an authentication provider, such as the following:
1. AD DS
2. A database such as a SQL Server database
3. A Lightweight Directory Access Protocol (LDAP) data store such as Novell eDirectory, Novell Directory Services (NDS), or Sun ONE

Forms-based authentication validates users based on credentials that users type in a logon form (typically a web page). Unauthenticated requests are redirected to a logon page, where a user must provide valid credentials and submit the form. The system issues a cookie for authenticated requests that contains a key for re-establishing the identity for subsequent requests. Because that cookie is the session, the logon page and everything after it should be served over SSL. The membership and role providers must be declared in the web.config of the web application, of Central Administration and of the Security Token Service application before SharePoint can use them.
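As an added example that is not part of the original post, the following creates a claims web application whose Default zone accepts both Windows credentials and forms-based credentials on the same URL, then tightens the cookie the Security Token Service issues. The host name, account name and provider names are assumptions; the provider names must match the membership and role provider entries you add to web.config.

```powershell
# Added example, not code from the original post: Windows plus forms-based authentication
# on one zone. The provider names are placeholders and must match the <membership> and
# <roleManager> provider entries in the web.config of this web application, of Central
# Administration and of the SecurityTokenServiceApplication.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$hostName           = "extranet.contoso.com"   # assumed host name
$membershipProvider = "FbaSqlMembers"          # assumed ASP.NET membership provider name
$roleProvider       = "FbaSqlRoles"            # assumed ASP.NET role provider name

$windows = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication
$forms   = New-SPAuthenticationProvider -ASPNETMembershipProvider $membershipProvider `
                                        -ASPNETRoleProviderName $roleProvider

# Both providers on one zone: unauthenticated users get a page that lets them pick
# Windows or forms login. SSL is mandatory because the logon form posts the password
# and the FedAuth cookie that follows is the session.
$wa = New-SPWebApplication -Name "Contoso Extranet" `
        -Url "https://$hostName" -Port 443 -SecureSocketsLayer -HostHeader $hostName `
        -ApplicationPool "ContosoExtranetPool" `
        -ApplicationPoolAccount (Get-SPManagedAccount "CONTOSO\sp_extranet_pool") `
        -AuthenticationProvider $windows, $forms

# The cookie that re-establishes the identity is issued by the farm's Security Token
# Service. Make it a session cookie so it dies with the browser instead of persisting
# on disk, and cap how long a forms sign-in stays valid.
$sts = Get-SPSecurityTokenServiceConfig
$sts.UseSessionCookies  = $true
$sts.FormsTokenLifetime = New-TimeSpan -Hours 8
$sts.Update()

# Verify that the zone lists both providers. Once the web.config entries are in place,
# a forms user is stored as i:0#.f|<provider>|<user> and a Windows user as i:0#.w|domain\user.
$zone = [Microsoft.SharePoint.Administration.SPUrlZone]::Default
$wa.IisSettings[$zone].ClaimsAuthenticationProviders |
    ForEach-Object { "{0}: {1}" -f $_.GetType().Name, $_.DisplayName }
```

UseSessionCookies and FormsTokenLifetime are farm-wide settings on the STS, so they affect every claims web application in the farm, not just this one.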
SAML token-based authentication

This type of authentication is claims-based and is built on Windows Identity Foundation (WIF), a set of .NET Framework classes used to implement claims-based identity. Identity providers that can issue tokens to SharePoint include:
· Third-party identity providers
· Active Directory Federation Services 2.0
· Windows Live ID

SAML-based authentication in SharePoint 2013
1. A user who tries to access a secured web page is redirected to the external login page of the STS provider. The STS is responsible for authenticating the user and producing the SAML token. SharePoint verifies the token's signature against the trust certificate it was configured with, accepts and processes the token, and creates a claims-based security token of its own for the session.
SAML mode is commonly used with Single Sign-On (SSO).
2. The farm architecture used here contains the following servers:
- Domain controller (DC1): one computer running Windows Server 2008 R2 Enterprise Edition that is configured as an intranet domain controller
- Database server (SQL1): one intranet member server running Windows Server 2008 R2 Enterprise Edition that is configured as a SQL database server
- Application server (APP1): one intranet member server running Windows Server 2008 R2 Enterprise Edition that is configured as the SharePoint Server 2013 Preview application server
- Web front-end server (WFE1): one intranet member server running Windows Server 2008 R2 Enterprise Edition that is configured as the SharePoint front-end web server
- Client machine: one member client computer running Windows 7 Enterprise
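The flow in step 1 is set up on the SharePoint side as shown in the following added example, which is not code from the original post: it registers AD FS 2.0 as a trusted identity token issuer, maps the incoming SAML claims, attaches the issuer to a zone and grants one federated user access. The web application URL, AD FS host, realm, certificate path, claim types and user are assumptions; the relying-party trust with that realm and a passive endpoint of the web application's /_trust/ page is assumed to exist in AD FS already.

```powershell
# Added example, not code from the original post: trust AD FS 2.0 as a SAML token issuer.
# Host names, the realm, the certificate path, claim types and the user are placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$waUrl    = "https://portal.contoso.com"        # assumed existing claims web application
$adfsHost = "adfs.contoso.com"                  # assumed AD FS 2.0 host
$realm    = "urn:sharepoint:contoso-portal"     # assumed relying-party identifier configured in AD FS
$certPath = "C:\certs\adfs-token-signing.cer"   # assumed export of the AD FS token-signing cert (public key only)

# 1. Trust the token-signing certificate. Every SAML token's signature is checked
#    against it, so use the STS's current signing cert (and its issuing chain, if any).
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
New-SPTrustedRootAuthority -Name "Contoso ADFS Token Signing" -Certificate $cert | Out-Null

# 2. Map incoming SAML attributes to SharePoint claims. The identifier claim becomes the
#    user's login name, so pick one the STS guarantees to be unique and stable.
$emailMap = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" `
    -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$roleMap = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" `
    -IncomingClaimTypeDisplayName "Role" -SameAsIncoming

# 3. Create the issuer. SignInUrl is where unauthenticated users are redirected; AD FS
#    answers on /adfs/ls/ and posts the signed token back to SharePoint's /_trust/ page.
$issuer = New-SPTrustedIdentityTokenIssuer -Name "Contoso ADFS" `
    -Description "AD FS 2.0 for the Contoso portal" `
    -Realm $realm `
    -ImportTrustCertificate $cert `
    -ClaimsMappings $emailMap, $roleMap `
    -SignInUrl "https://$adfsHost/adfs/ls/" `
    -IdentifierClaim $emailMap.InputClaimType

# 4. Add the issuer to the Default zone alongside the existing Windows provider.
$windows = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication
$saml    = New-SPAuthenticationProvider -TrustedIdentityTokenIssuer $issuer
Set-SPWebApplication -Identity $waUrl -Zone Default -AuthenticationProvider $windows, $saml

# 5. Grant a federated user access. SharePoint cannot look the user up in the STS, so the
#    claim value has to be typed exactly as the STS will issue it.
$principal = New-SPClaimsPrincipal -ClaimValue "alice@contoso.com" `
    -ClaimType $emailMap.InputClaimType -TrustedIdentityTokenIssuer $issuer
New-SPUser -UserAlias $principal.ToEncodedString() -Web $waUrl -PermissionLevel "Read" | Out-Null

# 6. Check that the certificate SharePoint trusts is the one AD FS currently signs with;
#    a mismatch after an AD FS certificate rollover breaks every login.
Get-SPTrustedIdentityTokenIssuer "Contoso ADFS" |
    Select-Object Name, DefaultProviderRealm, IdentifierClaim,
                  @{ n = "SigningThumbprint"; e = { $_.SigningCertificate.Thumbprint } }
```

Compare SigningThumbprint with the thumbprint AD FS reports for its token-signing certificate whenever logins start failing with a signature error; the issuer does not follow AD FS certificate rollovers on its own.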
Difference between classic and claims-based authentication in SharePoint 2010

Classic-mode authentication:
- You cannot configure forms-based authentication if your web application is using classic-mode authentication. You can convert a web application from classic-mode authentication to claims-based authentication, but only with Windows PowerShell (Convert-SPWebApplication), and the conversion is irreversible: there is no supported way back to classic mode, so back up the content databases first.
- Classic authentication supports the Windows authentication methods: Kerberos, NTLM, and anonymous.
- Classic mode is more commonly seen in farms upgraded from SharePoint 2007.
Claims-based authentication:
- It enables authentication from Windows as well as non-Windows systems, and several authentication providers can be enabled on a single URL (zone).
- Claims-based authentication validates claims identities against a trusted identity provider.
- Claims is the recommended path for new deployments in SharePoint 2010.
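The one-way conversion mentioned above, as an added example that is not code from the original post, with the checks such a change deserves: confirm the current mode, record who administers the sites, convert, then verify that the permissions survived. The URL is an assumed placeholder.

```powershell
# Added example, not code from the original post: convert a classic-mode web application
# to claims. The URL is an assumed placeholder. Take a farm backup (Backup-SPFarm) before
# running this; there is no cmdlet that converts back.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$url = "http://intranet.contoso.com"   # assumed classic-mode web application

$wa = Get-SPWebApplication $url
if ($wa.UseClaimsAuthentication) {
    throw "$url is already in claims mode; nothing to convert."
}

# Record the site collection administrators before the change; their role assignments
# are what -RetainPermissions must carry over to the new login names.
$before = Get-SPSite -WebApplication $wa -Limit All | ForEach-Object {
    $_.RootWeb.SiteAdministrators | Select-Object -ExpandProperty LoginName
}

# The conversion rewrites every Windows identity to its claims form (DOMAIN\user becomes
# i:0#.w|domain\user) and, with -RetainPermissions, keeps the role assignments under the
# new names. Later SharePoint 2013 builds require "-From Legacy -To Claims" instead.
Convert-SPWebApplication -Identity $url -To Claims -RetainPermissions -Force

$wa = Get-SPWebApplication $url
if (-not $wa.UseClaimsAuthentication) {
    throw "Conversion did not take effect on $url"
}

# Spot-check: every previous site administrator should still be present, now as a claim.
$after = Get-SPSite -WebApplication $wa -Limit All | ForEach-Object {
    $_.RootWeb.SiteAdministrators | Select-Object -ExpandProperty LoginName
}
"Site administrators before: $($before -join ', ')"
"Site administrators after:  $($after -join ', ')"

# Only now can a forms-based or SAML provider be added to a zone of this web application.
```

If any administrator from the "before" list is missing afterwards, add the claims form of that login back with New-SPUser before users notice; the old classic login names no longer resolve.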