Authentication and Authorization in SharePoint 2013

Hi SharePoint friends,

Today I am going to give u a short and sweet about the authentication and authorization in SharePoint 2013 and the improvements in SharePoint 2013. The contents available in this post are taken various sites and MSDN.

What is authentication in SharePoint?

It is a provider that validates the users identity who request access to the web application, Once validated it issues the authenticated user a security token that encapsulates a set of claims based assertions about the user and is used to verify a set of permission assigned to the user.

What is authorization in SharePoint?

It is the process that determines the defined operation on a specified resource within the web application of the authenticated user.

I think you are very clear about the authentication and authorization concept in SharePoint.

The following are the recommended methods of authentication in SharePoint 2013

  1. Windows claim
  2. Security Assertion Markup Language (SAML)-based claims
  3. Form-based authentication
  4. Classic mode authentication – This type is available but it is not recommended and mostly all the new features like app and server to server authentication requires claims based authentication. This authentication can be configured using PowerShell commands.

Note: The classic mode authentication is deprecated in SharePoint 2013.

A new authorization named OAuth is introduced in SharePoint 2013. It is an open protocol and it provides temporary redirection based authorization. It enables users to approve an application act on their behalf without sharing their credentials ( Username and Password). In SharePoint 2013 this authorization feature is used to allow users to grant apps in both SharePoint Store and App Catalog to access the specified, protected user resources and data.

The above is all the general definitions or descriptions for authentication and authorization in SharePoint 2013. Now we can see what are the all the improvements that has been made in the claims based authentication.

Improvements:

  • Easier migration from classic mode to Windows-based claims mode with the new Convert-SPWebApplication Windows PowerShell cmdlet
  • Login tokens are now cached in the new Distributed Cache Service – SharePoint 2013 use Distributed Cache service to cache login tokens. In SharePoint 2010 the login tokens are stored in the memory of each front-end servers. Sometimes it cause multiple re-authentication if load balancers are used. Since SharePoint 2013 use a dedicated service for caching there are scale-out benefits and less memory utilization on the front-end servers.
  • Apart from the current logging features, the following are the enhanced logging support provided in SharePoint 2013
    • Separate categorized-claims related logs for each authentication mode
    • Information about adding and removing FedAuth cookies from the Distributed Cache Service
    • Information about the reason why a FedAuth cookie could not be used, such as a cookie expiration or a failure to decrypt
    • Information about where authentication requests are redirected
    • Information about the failures of user migration in a specific site collection

For More information about authentication and authorization in SharePoint 2013 please refer the following links.

Cheers…

Comments

  1. Suresh PydiWednesday, March 27, 2013 at 12:12:00 AM GMT+5:30

    Great article. Here is one more article explaining sharepoint 2013 security model

    http://sureshpydi.blogspot.in/2013/03/sharepoint-2013-security-model.html

    ReplyDelete
  2. Suresh PydiThursday, March 28, 2013 at 5:08:00 PM GMT+5:30

    Nice post. Here are the posts explaining sharepoint 2013 security model and app security model

    http://sureshpydi.blogspot.in/2013/03/sharepoint-2013-security-model.html

    http://sureshpydi.blogspot.in/2013/03/share-point-2013-app-permissions.html

    ReplyDelete
  3. UnknownThursday, July 4, 2013 at 11:41:00 AM GMT+5:30

    Nice post very helpful

    dbakings

    ReplyDelete
  4. IT TutorialsMonday, May 15, 2017 at 10:41:00 AM GMT+5:30

    Given so much information in it. its very useful .perfect explanation about Dot net framework.Thanks for your valuable information. dot net training in chennai velachery | dot net training institute in velachery

    ReplyDelete

Post a Comment

Popular posts from this blog

PowerShell to update SharePoint Online User Profile property from Azure AD

Image
Hi Friends, in this post, I am gonna walk you through the steps to update the SharePoint Online User Profile property from Azure AD. You may think, why this is necessary since SharePoint online will sync automatically with Azure AD. The tricky part is the auto-sync may take up to 24 hrs to sync Azure AD to SharePoint UPS. The next tricky part is not all the AAD profile properties are synced to SharePoint UPS. Only a few of the properties are synced and below are the list of properties relevant to the profile that is synced to SharePoint UPS User Name First name Last name Name Office phone Department Job title Manager Office Office phone What about the other properties like 'Mobile Phone' that are relevant to the user??? What about if there is a drastic change in the Organization structure and you want the SharePoint UPS to reflect immediately??? To resolve all these obstacles and issues, we need to use PowerShell Now you understand why there i
Read more

SPFx - Office UI Fabric react DetailsList & PropertyFieldCodeEditor to show the CSV data

Image
Hi Friends, this is a series of the post explains different capabilities of the web part using SPFx. Using DateTime control PropertyFieldCollectionData Property Pane Control Using FilePicker and FileTypeIcon control Office UI Fabric react DetailsList & PropertyFieldCodeEditor to show the JSON data Office UI Fabric react DetailsList & PropertyFieldCodeEditor to show the CSV data  --> You are here In this post, I am gonna show you how we can use  DetailsList   from  UI Fabric  and  PropertyFieldCodeEditor  property pane control from PnP on the SPFx web parts. The code walkthrough shown below will display the ' CSV ' data in the DetailsList. Regarding the creation of the basic project stuff, please refer to the  blog post . I hope those who are familiar with SPFx would know how to create the project and add the dependent npm packages. The following are some of the pre-requisites for the solution to work. Used  SharePoint Yeoman generator  version 
Read more

SPFx - Office UI Fabric react DetailsList & PropertyFieldCodeEditor to show the JSON data

Image
Hi Friends, this is a series of the post explains different capabilities of the web part using SPFx. Using DateTime control PropertyFieldCollectionData Property Pane Control Using FilePicker and FileTypeIcon control Office UI Fabric react DetailsList &  PropertyFieldCodeEditor to show the JSON data --> You are here Office UI Fabric react DetailsList & PropertyFieldCodeEditor to show the CSV data In this post, I am gonna show you how we can use  DetailsList   from UI Fabric and PropertyFieldCodeEditor  property pane control from PnP on the SPFx web parts. The code walkthrough shown below will display the ' JSON ' data in the DetailsList. Regarding the creation of the basic project stuff, please refer to the  blog post . I hope those who are familiar with SPFx would know how to create the project and add the dependent npm packages. The following are some of the pre-requisites for the solution to work. Used  SharePoint Yeoman generator  version 
Read more