SharePoint Authentication and Authorization

•

4 gefällt mir•3,402 views

No matter which project, client or product you work with, there will always be a need to authenticate and authorize users into the solution. Historically, SharePoint has not always been the easiest platform to use for this, but now with the advent of SharePoint 2010, this changes the game. In this session, we will look at the array of out-of-the-box approaches. Using a real-world business requirement, we will use the Windows Identity Foundation to create a trusted identity provider that will allow for single sign-on between other SharePoint sites. We will also perform the SharePoint configuration to implement this with the standard out-of-the-box security of SharePoint to ensure authentication and authorization is completed easily. Using this technology, you will be able to see how SharePoint 2010 is more than capable of authenticating and authorizing users from any line of business or custom authentication store. By the end if this session, you will be able to identify the many authentication approaches, as well as when to use a specific type of authentication or authorization within your solutions.

Technologie

authorizing
authority

authority
authority

authority

ASP.NET Authentication

Source: http://go.spdan.com/iisauth

Identity Provider SharePoint 2010
Security Token Service aka RP
aka IP-STS

1. Resource Requested
2. AuthN Request / Redirect
3. AuthN Request
4. Security Token
5. Security Token Request
6. Service Token
7. Resource Request w/Service Token
8. Resource Sent

Web Application / Site Collection Anonymous

Secured Site / Site Collection / Content
Authentication

Content Repository
Is In Site Group?
Content

Does user have claim attribute?

jase@sharepointlonghorn.co
dan@spdan.com m
@usher @sharepointlhorn
www.sharepointdan.com www.sharepointlonghorn.com

Scott.hoag@spdelta.com liamcleary@msn.com
@ciphertxt @helloitsliam
http://psconfig.com www.helloitsliam.com

Empfohlen

Attacking Web ApplicationsSasha Goldshtein

Web Vulnerabilities - Building Basic Security AwarenessGurpreet Luthra

In graph we trust: Microservices, GraphQL and security challengesMohammed A. Imran

Wakanda and the top 5 security risks - JS.everyrwhere(2012) EuropeAlexandre Morgaut

A2 - broken authentication and session management(OWASP thailand chapter Apri...Noppadol Songsakaew

Unmasking YouJoshua Abraham

Pentesting RESTful webservicesMohammed A. Imran

Web application security: Threats & CountermeasuresAung Thu Rha Hein

Empfohlen

Attacking Web ApplicationsSasha Goldshtein

Web Vulnerabilities - Building Basic Security AwarenessGurpreet Luthra

In graph we trust: Microservices, GraphQL and security challengesMohammed A. Imran

Wakanda and the top 5 security risks - JS.everyrwhere(2012) EuropeAlexandre Morgaut

A2 - broken authentication and session management(OWASP thailand chapter Apri...Noppadol Songsakaew

Unmasking YouJoshua Abraham

Pentesting RESTful webservicesMohammed A. Imran

Web application security: Threats & CountermeasuresAung Thu Rha Hein

Writing Secure SharePoint Code - SharePoint Saturday TorontoEli Robillard

Spa Secure Coding GuideGeoffrey Vandiest

Intrigue Core: Scaling Assessment AutomationJonathan Cran

Browser Internals-Same Origin PolicyKrishna T

Building Secure User Interfaces With JWTsrobertjd

Token Authentication for Java ApplicationsStormpath

SharePoint 2010, Claims-Based Identity, Facebook, and the CloudDanny Jessee

Django Web Application Securitylevigross

2014-04-05 - SPSPhilly - Authentication and AuthorizationDan Usher

ID連携入門 (実習編) - Security Camp 2016Nov Matake

SharePoint 2010, Claims-Based Identity, Facebook, and the CloudDanny Jessee

Rest API SecurityStormpath

Building Secure User Interfaces With JWTs (JSON Web Tokens)Stormpath

Starwest 2008Caleb Sima

JWT Authentication with AngularJSrobertjd

[Poland] It's only about frontendOWASP EEE

Web Application Security: Winning When The Odds Are Against Youbendechrai

Roberto Bicchierai - Defending web applications from attacksPietro Polsinelli

Deconstructing and Evolving REST SecurityRoberto Cortez

Phpnw security-20111009Paul Lemon

SharePoint Conference 2018 - Understanding Office 365 Usage ReportingScott Hoag

SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...Scott Hoag

Weitere ähnliche Inhalte

Ähnlich wie SharePoint Authentication and Authorization

Writing Secure SharePoint Code - SharePoint Saturday TorontoEli Robillard

Spa Secure Coding GuideGeoffrey Vandiest

Intrigue Core: Scaling Assessment AutomationJonathan Cran

Browser Internals-Same Origin PolicyKrishna T

Building Secure User Interfaces With JWTsrobertjd

Token Authentication for Java ApplicationsStormpath

SharePoint 2010, Claims-Based Identity, Facebook, and the CloudDanny Jessee

Django Web Application Securitylevigross

2014-04-05 - SPSPhilly - Authentication and AuthorizationDan Usher

ID連携入門 (実習編) - Security Camp 2016Nov Matake

SharePoint 2010, Claims-Based Identity, Facebook, and the CloudDanny Jessee

Rest API SecurityStormpath

Building Secure User Interfaces With JWTs (JSON Web Tokens)Stormpath

Starwest 2008Caleb Sima

JWT Authentication with AngularJSrobertjd

[Poland] It's only about frontendOWASP EEE

Web Application Security: Winning When The Odds Are Against Youbendechrai

Roberto Bicchierai - Defending web applications from attacksPietro Polsinelli

Deconstructing and Evolving REST SecurityRoberto Cortez

Phpnw security-20111009Paul Lemon

Ähnlich wie SharePoint Authentication and Authorization (20)

Writing Secure SharePoint Code - SharePoint Saturday Toronto

Spa Secure Coding Guide

Intrigue Core: Scaling Assessment Automation

Browser Internals-Same Origin Policy

Building Secure User Interfaces With JWTs

Token Authentication for Java Applications

SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud

Django Web Application Security

2014-04-05 - SPSPhilly - Authentication and Authorization

ID連携入門 (実習編) - Security Camp 2016

SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud

Rest API Security

Building Secure User Interfaces With JWTs (JSON Web Tokens)

Starwest 2008

JWT Authentication with AngularJS

[Poland] It's only about frontend

Web Application Security: Winning When The Odds Are Against You

Roberto Bicchierai - Defending web applications from attacks

Deconstructing and Evolving REST Security

Phpnw security-20111009

Mehr von Scott Hoag

SharePoint Conference 2018 - Understanding Office 365 Usage ReportingScott Hoag

SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...Scott Hoag

Global Azure Bootcamp 2018 - Azure Security CenterScott Hoag

Global Azure Bootcamp 2018 - Azure Network SecurityScott Hoag

SPIntersection 2016 - TO THE CLOUD! USING IAAS AS A HOSTING PROVIDER FOR SHAR...Scott Hoag

SPIntersection 2016 - MICROSOFT CLOUD IDENTITIES IN AZURE AND OFFICE 365Scott Hoag

JAXSPUG April 2016 - Staying in the Know with Office 365Scott Hoag

JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365Scott Hoag

SPSDC - To the Cloud! Using IaaS as a Hosting Provider for SharePointScott Hoag

SPSNYC SharePoint Worst PracticesScott Hoag

March Sydney Office 365 Meetup - Office 365 and Hybrid Solutions... what work...Scott Hoag

SYDSP - Office 365 and Cloud Identity - What does it mean for me?Scott Hoag

SPSVB - Office 365 and Hybrid Solutions... what works for my organization?Scott Hoag

SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?Scott Hoag

SPSVB - To the Cloud! Using IaaS as a Hosting Provider for SharePointScott Hoag

SPS Sydney - To the Cloud! Utilising Azure as a Cloud Hosting Provider for Sh...Scott Hoag

SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?Scott Hoag

SPSCBR - Pitfalls of Migrating to SharePoint 2013Scott Hoag

Office 365 and Cloud Identity – What Does It Mean For Me?Scott Hoag

Canberra SPUG - February 2014 - Pitfalls of Migrating to SharePoint 2013Scott Hoag

Mehr von Scott Hoag (20)

SharePoint Conference 2018 - Understanding Office 365 Usage Reporting

SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...

Global Azure Bootcamp 2018 - Azure Security Center

Global Azure Bootcamp 2018 - Azure Network Security

SPIntersection 2016 - TO THE CLOUD! USING IAAS AS A HOSTING PROVIDER FOR SHAR...

SPIntersection 2016 - MICROSOFT CLOUD IDENTITIES IN AZURE AND OFFICE 365

JAXSPUG April 2016 - Staying in the Know with Office 365

JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365

SPSDC - To the Cloud! Using IaaS as a Hosting Provider for SharePoint

SPSNYC SharePoint Worst Practices

March Sydney Office 365 Meetup - Office 365 and Hybrid Solutions... what work...

SYDSP - Office 365 and Cloud Identity - What does it mean for me?

SPSVB - Office 365 and Hybrid Solutions... what works for my organization?

SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?

SPSVB - To the Cloud! Using IaaS as a Hosting Provider for SharePoint

SPS Sydney - To the Cloud! Utilising Azure as a Cloud Hosting Provider for Sh...

SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?

SPSCBR - Pitfalls of Migrating to SharePoint 2013

Office 365 and Cloud Identity – What Does It Mean For Me?

Canberra SPUG - February 2014 - Pitfalls of Migrating to SharePoint 2013

Kürzlich hochgeladen

TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc

TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey

Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes

The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech

How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe

A Journey Into the Emotions of Software DevelopersNicole Novielli

Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani

Rise of the Machines: Known As Drones...Rick Flair

UiPath Community: Communication Mining from Zero to HeroUiPathCommunity

The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney

Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq

Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3

Sample pptx for embedding into website for demoHarshalMandlekar2

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3

Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein

Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan

Scale your database traffic with Read & Write split using MySQL RouterMydbops

Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3

(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5

Manual 508 Accessibility Compliance AuditSkynet Technologies

Kürzlich hochgeladen (20)

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy

TeamStation AI System Report LATAM IT Salaries 2024

Assure Ecommerce and Retail Operations Uptime with ThousandEyes

The Ultimate Guide to Choosing WordPress Pros and Cons

How AI, OpenAI, and ChatGPT impact business and software.

A Journey Into the Emotions of Software Developers

Potential of AI (Generative AI) in Business: Learnings and Insights

Rise of the Machines: Known As Drones...

UiPath Community: Communication Mining from Zero to Hero

The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...

Genislab builds better products and faster go-to-market with Lean project man...

Digital Identity is Under Attack: FIDO Paris Seminar.pptx

Sample pptx for embedding into website for demo

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx

Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24

Generative AI for Technical Writer or Information Developers

Scale your database traffic with Read & Write split using MySQL Router

Moving Beyond Passwords: FIDO Paris Seminar.pdf

(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...

Manual 508 Accessibility Compliance Audit

SharePoint Authentication and Authorization

2. Scott Hoag ciphertxt

3. Dan Usher usher

4. Jason Himmelstein sharepointlhorn

5. introductions

6. a few ground rules…

8. Security

9. http://xkcd.com/109/

10.

11.

12.

13.

14.

15.

16.

17.

18.

19.

20. authorizing authority authority authority authority

21.

22.

23. http://go.spdan.com/cba

24.

25. http://go.spdan.com/claimsencoding

26. ASP.NET Authentication Source: http://go.spdan.com/iisauth

27. Identity Provider SharePoint 2010 Security Token Service aka RP aka IP-STS 1. Resource Requested 2. AuthN Request / Redirect 3. AuthN Request 4. Security Token 5. Security Token Request 6. Service Token 7. Resource Request w/Service Token 8. Resource Sent

28. Side Story SharePint Anyone?

29.

30.

31.

32.

33.

34. https://sts.domain.com

35.

36. Web Application / Site Collection Anonymous Secured Site / Site Collection / Content Authentication Content Repository Is In Site Group? Content Does user have claim attribute?

37.

38. Real World

39.

40. Questions / Evals

41. jase@sharepointlonghorn.co dan@spdan.com m @usher @sharepointlhorn www.sharepointdan.com www.sharepointlonghorn.com Scott.hoag@spdelta.com liamcleary@msn.com @ciphertxt @helloitsliam http://psconfig.com www.helloitsliam.com