SharePoint 2007 Security

Overview slides on how to practically use the Community Kit for SharePoint Forms Based Authentication from CodePlex for a website that requires authorised user login in order to view secure content.

Published in: Technology
Transcript

  • 1. SharePoint Security Framework Model Department of Premier & Cabinet Presented by: DPC IT – David Liong
  • 2. Presentation Contents
    • Introduction: What is it?
    • Overview of security model
    • Setting up (prior to implementation):
      • Security group
      • Security permission on contents, page and sub-sites
    • Security Feature Overview
    • Demo
    • Summary
  • 3. Introduction
    • The SharePoint Security Framework Model used for DPC & PSC is based on CKS FBA (Community Kit for SharePoint Forms Based Authentication), which was created by the SharePoint community group.
    • CKS FBA is open source code that uses a set of .NET technologies (Web Parts and tools, with the SQL membership provider) to manage the accounts of external users who do not have AD accounts and who visit a public-facing website that is secured either entirely or in part, i.e. at the sub-site, page or content level.
  • 4. Overview
    • (Diagram labels: Synchronize content; http://<intranet domain>:<port No.>; http://<extranet domain> or https://; Active Directory; SQL Database; Content DB source)
  • 5. Security Group Setup
    • Create SharePoint groups to define roles
    • Create permissions on who has access to sub-sites, pages, web parts and contents
    • (Diagram labels: Internal (AD) and/or External Administrator; Site Administrators group; Site Collection Administrators group; SQL Database; Site A; Site B; External Users; External Members group; External Visitors group. Annotations: Maintains external users for Site A; Maintains external users for Site B; Maintains ALL external users for all sites; Unable to view any users from SQL DB)
  • 6. Permission Security Setup
    • Configure who has access permission to sub-sites, pages & contents
    • Use the target audience property for giving permission on: i) Web Parts, ii) Pages
    • Permission level feature on sub-sites
    • (Diagram labels: Internal Users; AD & External Site Administrators group; Site A; Full control permission rights to site; External Users; External Members group; External Visitors group; Other AD groups)
  • 7. Web-part Permissions Setup
    • Secure certain content sections of public page(s) for a certain target audience
    • (Diagram labels: Internal (AD) Users; External Users; External Members group; External Visitors group; Other AD groups (non admin))
  • 8. Web Page Permissions Setup
    • Secure certain page(s) for a certain target audience
    • (Diagram labels: Internal (AD) Users; External Users; External Members group; External Visitors group; Other AD groups (non admin))
    • Note: Only the navigation URL is hidden, so unauthorized people can still get to the hidden page, but secured content will not be displayed.
  • 9. Sub-Site Permissions Setup
    • Secure certain page(s) for a certain target audience
    • (Diagram labels: Internal (AD) Users; External Users; External Members group; External Visitors group; Other AD groups (non admin))
    • Note: The navigation URL is displayed, but unauthorized people will be denied access when the navigation link is clicked.
  • 10. Security Feature Overview
    • CKS FBA has the following Web Part features:
    • Login web-part: locks out an external user's account after 3 invalid login attempts. The site administrator unlocks the user account and resets the password, which notifies the user via email.
    • New registration web-part: adopts the network password policy, i.e.
      • Must be alphanumeric characters (at least 1 upper-case letter, 1 lower-case letter and 1 digit 0-9);
      • Must be at least 6 characters and at most 15 characters long;
      • Must contain at least 1 non-alphanumeric character;
      • e.g. Password1! is valid
  • 11. Security Feature Overview
    • CKS FBA has the following Web Part features:
    • Password recovery web-part: resets the user's password and emails the user a temporary password.
    • Change password web-part: adopts the network password policy when changing an old password to a new password.
    • User Account UI: the administrator can manage external user accounts in SharePoint.
  • 12. Demo
    • Add a new registered member
    • Change password
    • Reset password
  • 13. Security Architecture
    • An outage of one website application will not affect other websites.
    • A SQL DB server outage will affect ALL sites. However, a DB outage will not be an issue if Windows Live ID authentication for SharePoint is adopted.
    • SSL license for each independent website (if required)
  • 14. Security Feature Summaries: what CKS FBA has delivered
    • The password is encrypted in the SQL DB and from the web interface, and follows the dept. password policy.
    • A user can request website access via the website, and a record is automatically saved into the SQL User List database.
    • The site administrator receives an email and can grant permission for the pending new registration request. When the site administrator approves the request, the user receives the login authorization email with the automatically generated password in plain text.
    • A newly registered user can change their password.
    • The forgotten password function sends a new password to the registered email address.
    • A web interface allows the site administrator to create a new user and add the user to a site group, or deactivate or delete a user at site level. The record is saved into the SQL DB.
  • 15. Security Feature Summaries: some enhancements for CKS FBA in phase 2
    • The log-in web part needs a logout button, so that external users can log out of the site if the SharePoint template site does not provide an out-of-the-box sign-out link. Hide the login button and display the user's name after the user has been authenticated.
    • There is no web interface in SharePoint to display the information of all users for all sites from the SQL database (e.g. a UI for the administrator to unlock a user if SQL locks the user's account after 3 failed logon attempts, before a password reset can be implemented).
    • The FBA page locks user accounts after x failed logon attempts but does not make the user aware that his/her account has been locked.
    • Generate reports on which sites a specific user has access to, and which users have access to a specific site.
    • The change password web-part does not check whether the existing password entered by the user is the same as the new password. Hence an existing external user can retain their old password by entering it again as the new password.
    • Send an email to users when they reset their passwords.
  • 16. FAQ: Any questions?
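
The password policy and 3-attempt lockout from slide 10, expressed as settings of the ASP.NET SqlMembershipProvider that slide 3 says CKS FBA builds on. This is an added example, not configuration taken from the deck or from the CKS FBA project; the provider name, connection string name and applicationName are placeholders, and the regular expression is one way to encode the stated rules.

```xml
<!-- Added example: membership section of web.config (inside <system.web>).
     FBAMembershipProvider, FBAConnectionString and applicationName="/" are
     placeholder values chosen for this example. -->

<!-- Lockout (slide 10): the account is locked after 3 invalid password
     attempts inside the passwordAttemptWindow (minutes) and stays locked
     until an administrator unlocks it. -->

<!-- Password policy (slide 10):
     minRequiredPasswordLength           = 6 characters minimum
     minRequiredNonalphanumericCharacters = at least 1 non-alphanumeric
     passwordStrengthRegularExpression    = 1 lower, 1 upper, 1 digit,
                                            1 non-alphanumeric, 6 to 15 long
     The attributes alone cannot express the 15-character maximum or the
     upper/lower/digit rule, which is why the regular expression is needed.
     "Password1!" from the slide satisfies all of these settings. -->

<!-- Recovery (slides 11 and 14): reset is enabled, retrieval is not, so a
     forgotten password is replaced rather than read back. passwordFormat
     "Hashed" is the provider default and works with reset; it is an
     assumption here, the deck only says the password is "encrypted". -->

<membership defaultProvider="FBAMembershipProvider">
  <providers>
    <add name="FBAMembershipProvider"
         type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="FBAConnectionString"
         applicationName="/"
         requiresUniqueEmail="true"
         requiresQuestionAndAnswer="false"
         enablePasswordRetrieval="false"
         enablePasswordReset="true"
         passwordFormat="Hashed"
         maxInvalidPasswordAttempts="3"
         passwordAttemptWindow="10"
         minRequiredPasswordLength="6"
         minRequiredNonalphanumericCharacters="1"
         passwordStrengthRegularExpression="^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^A-Za-z0-9]).{6,15}$" />
  </providers>
</membership>
```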
