In today’s complex marketplace of corporate partnerships and relationships, sharing information is pertinent to ensuring that business operations are conducted in a secure computing environment with trusted entities being provided access to protected information.
In this session, Dan and Scott will discuss the basics of authentication and authorization in relation to the SharePoint platform. Further, we will be discussing the technical underpinnings of the SharePoint platform’s processing of a user’s identity dependent on identity provider and authorization settings.
As a part of this session we will demonstrate different authentication and authorization configurations that are commonplace in today’s business settings, to include when to use:
* Integrated Windows Authentication
* Forms Based Authentication using SQL Server
* ADFS as a Trusted Identity Provider
* Threat Management Gateway with Kerberos Constrained Delegation using client certs
After attending this session, attendees will have a better grasp of the configuration complexities involved with each scenario as well as the user experience impacts based on the path taken.
2. PRINCETON SHAREPOINT USER GROUP
• Different SharePoint discussions each month on various topics. Announced on meetup.com
• Meets 4th Wednesday of every month
• 6pm – 8pm
• Infragistics Office
• 2 Commerce Drive, Cranbury, NJ
• http://www.meetup.com/princetonSUG
• http://www.princetonsug.com
3. THANK YOU EVENT SPONSORS
• Platinum & Gold sponsors have tables here in the Fireside Lounge
• Please visit them and inquire about their products & services
• To be eligible for prizes make sure your bingo card is signed by all Platinum/Gold
4. WHO ARE WE?
• Scott Hoag
• @ciphertxt
• Applied Information Sciences
• Infrastructure Consultant
• scott.hoag@appliedis.com
• Dan Usher
• @binarybrewery
• Booz Allen Hamilton Incorporated
• Lead Associate
• usher_daniel@bah.com
7. HOUSEKEEPING
• Phones silenced, phasers set to stun
• Ask questions
• Please remember to turn in your filled out bingo cards and event evaluations for prizes.
• Follow SharePoint Saturday New Jersey on Twitter @spsnj and hashtag #spsnj
• Do not feed Scott donuts…
19. AUTHORIZATION – WHAT IS?
• The act of authorizing.
• Permission or power granted by an authority; sanction.
• To give authority or official power to.
• To give authority for; formally sanction (an act or proceeding).
• To establish by authority or usage.
• Sometimes we call it AuthZ.
26. AUTHENTICATION – CLAIM TERMINOLOGY
• Identity
  • Info about a Person or Object (AD, Google, Windows Live, Facebook etc.)
• Claim
  • Attributes of the Identity (User ID, Email, Age etc.)
• Token
  • Binary Representation of Identity
  • Set of Claims and the Signature
• Relying Party (aka RP)
  • Users Token
• Security Token Service (STS)
  • Issuer of Tokens for Users
• SharePoint 2010 Introduced Claims Authentication
  • What is this? http://go.spdan.com/cba
47. SHAREPOINT AUTHZ
[Diagram labels: Anonymous; Authentication; Is In Site Group?; Does user have claim attribute?; Web Application / Site Collection; Secured Site / Site Collection / Content; Content Repository; Content]
54. SECURITY IN THE REAL WORLD
• Expect the unexpected
  • People will find a way to circumvent your security
• Give users minimal permission
  • Starting with Less is good
  • Add functionality through permission as needed
• Be prepared to secure at all levels
  • Web Application
  • Site Collection
  • Site
  • List or Library
  • Item
• Use roles from Provider
  • Active Directory Groups
  • Membership and Role Provider Roles
  • Claims
56. CATCH UP WITH US…
Usher_Daniel@bah.com
@binarybrewery
www.sharepointdan.com
Scott.hoag@appliedis.com
@ciphertxt
http://psconfig.com
Editor's notes
Danger Waterfall ahead
Scott: Meeting Notes (7/23/12 23:35): Thinking about administrators for SharePoint - what access do they have?
Scott: Standards based: Wide Support. Easy to configure? Multiple Web Config changes, Web Application Changes and then of course the actual configuration of your identity provider
Dan: Curious how to manage Windows Azure Active Directory through PowerShell? http://technet.microsoft.com/en-us/library/jj151815.aspx
Scott: Different security boundaries and the permissions that can be applied to them.