SharePoint Access Control and Claims Based Authentication


1. SharePoint Access Control
   Jonathan Schultz (@SharePointValue), Skyline Technologies, Inc., 01/18/2012
2. About Skyline Technologies
   • Leading Microsoft solutions provider
     – Develops and tailors IT applications to meet the business and technical objectives of customers
     – Serves clients in industries from manufacturing and retail to healthcare, transportation, and logistics
   • Microsoft Partner with Gold competencies in Business Intelligence, Content Management, Portals and Collaboration, and Web Development, and Silver competencies in Data Platform, Project and Portfolio Management, Search, and Software Development
   • Provides a pathway to speed your company toward its vision
   • Recognized by businesses nationwide as a team of smart, experienced people and a Microsoft Gold Certified Partner organization specializing in adapting Microsoft solutions to individual clients' needs
3. Agenda
   • SharePoint Access Control
   • What are Claims?
   • Why would you use them?
   • Claims-Based Authentication
   • Reality of Claims-Based Authentication
   • Reference Materials
4. SharePoint Access Control
   • Authentication vs. Authorization
     – Authentication = Who are you?
     – Authorization = What can you do?
   • Information Rights Management
     – Windows Server 2008 Active Directory Rights Management Server
     – CSS Print Suppression
       • @media print { .NoPrint { display: none; } }
5. Security Environments
   Loosely Managed
   • Distributed Accountability
   • Low Risk Content
   • Flexible
     – Content
     – Process
   Tightly Managed
   • Centralized Authority
   • Auditing Requirements
6. Groups
   SharePoint Groups
   • Distributed
   • SharePoint Only
   • Auditing
     – 3rd Party Tools
   Active Directory Groups
   • Centralized
   • Enterprise
   • Auditing
     – Member Of
7. What are Claims?
   • Attributes about a User
   • Need to Come from Someone You Trust
   • Driver's License Example
     – Trusted Provider = State of Wisconsin
     – Claims
       • Name = Jonathan Schultz
       • Age = 35
       • Organ Donor = No
8. UWEBC Claims Example
   • Trusted Provider = Cavinda
   • My Claims
     – Name = Jonathan Schultz
     – Company = Skyline Technologies
     – Presenter = Yes
9. Why Use Claims?
   • Claim Augmentation
     – Security Groups from Active Directory
     – HRMS/CRM Attributes
       • Title/Role
   • Federation
     – Partner Network
       • Business to Business
     – Subsidiaries
     – Web 2.0 (Windows Live, Facebook, etc.)
   • Advanced Authentication & Authorization
10. Basic Claims Scenario
11. Claims-Based Architecture
12. Terminology
   • Security Token Service (STS)
     – Identity Provider (IP-STS)
     – Relying Party (RP-STS)
   • Security Assertion Markup Language (SAML)
   • Windows Identity Foundation (WIF, formerly Geneva)
   • Trusted Login Provider
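Slides 7 and 12 make the point that a claim is worth nothing unless it arrives in a token from a provider the relying party trusts. The following Python model is added here as an illustration; it is not code from the slides, from SharePoint, or from WIF. It shows the checks a relying party performs before it accepts any claim in a token: the issuer is on the trust list, the signature verifies, the audience names this application, and the validity window holds, with a clock-skew allowance for the "Server Times" caveat on slide 17. A real IP-STS signs SAML tokens with an X.509 certificate; this model uses HMAC with constructed shared secrets so it runs stand-alone. The issuer URNs, secrets, audience and claim values are all constructed.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed trust list: the relying party accepts tokens from these issuers only.
# A real IP-STS signs SAML tokens with an X.509 certificate; shared-secret HMAC
# stands in for that here so the example runs offline.
TRUSTED_ISSUERS = {
    "urn:example:cavinda": b"cavinda-demo-secret",
    "urn:example:state-of-wisconsin": b"wisconsin-demo-secret",
}
RELYING_PARTY = "urn:example:sharepoint-portal"  # constructed audience for this web app
CLOCK_SKEW_SECONDS = 300  # tolerance for clock drift between STS and web front end


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(issuer, audience, claims, lifetime, now=None, key=None):
    """Identity-provider side: bundle the claims with issuer, audience and a
    validity window, then sign. `key` lets a caller model a rogue issuer that
    is not in the trust list."""
    now = time.time() if now is None else now
    key = TRUSTED_ISSUERS[issuer] if key is None else key
    body = {"iss": issuer, "aud": audience, "nbf": now,
            "exp": now + lifetime, "claims": claims}
    payload = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)


def validate_token(token, now=None):
    """Relying-party side: return (claims, "ok") or (None, reason).
    Every claim is untrusted until issuer, signature, audience and validity
    window have all been checked, in that order."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = _unb64(payload_b64)
        body = json.loads(payload)
        sig = _unb64(sig_b64)
    except ValueError:  # bad base64 (binascii.Error) and bad JSON both land here
        return None, "malformed token"
    if not isinstance(body, dict):
        return None, "malformed token"
    key = TRUSTED_ISSUERS.get(body.get("iss"))
    if key is None:
        return None, "untrusted issuer"
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None, "bad signature"
    if body.get("aud") != RELYING_PARTY:
        return None, "wrong audience"
    if now < body["nbf"] - CLOCK_SKEW_SECONDS:
        return None, "token not yet valid"
    if now > body["exp"] + CLOCK_SKEW_SECONDS:
        return None, "token expired"
    return body["claims"], "ok"


if __name__ == "__main__":
    # Constructed claim set mirroring slide 8.
    tok = issue_token("urn:example:cavinda", RELYING_PARTY,
                      {"Name": "Jonathan Schultz", "Company": "Skyline Technologies",
                       "Presenter": "Yes"}, lifetime=600)
    print(validate_token(tok))
    print(validate_token(tok, now=time.time() + 2000))  # (None, 'token expired')
```

The order of checks matters: issuer lookup and signature verification come before anything in the body is believed, and the skew allowance is applied symmetrically to both ends of the window rather than only to expiry.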
13. Under the Covers
14. Claims-to-Windows Token Service
15. Claims-Based Architecture Notes
   • New in SharePoint 2010
   • Authentication Prompt for Multiple Providers
   • All Intra/Inter Farm Calls are Claims Based (e.g. Service Applications)
   • Claims-to-Windows Token Service Needed for Some Service Applications (e.g. PerformancePoint Services)
16. Claims Development Tasks
   • Custom Login Pages
     – Extranet Scenarios
     – Branding
     – "Remember Me" Capability
     – Home Realm Discovery
   • Custom Claim Providers
     – Claims Augmentation
     – Claims Picking / Resolution
   • Trusted Login Providers
     – WIF SDK
17. Reality of Claims-Based Authentication
   • Claims Authorization uses OR logic, not AND
     – Scenario: Authorize US HR User
       • Location Claim = US
       • Department Claim = HR
       • Will also succeed for US IT because of US OR HR
   • Trusted Identity Providers
     – Cookie Driven (Watch out for domains/paths)
     – Time Based Expiration (Server Times)
   • Claims + Kerberos + SSRS = Problem
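The OR-logic pitfall on slide 17, as an added Python illustration that is not from the slides and not SharePoint's API: a permission granted to both the Location=US claim and the Department=HR claim admits anyone holding either of them, so a US IT user and a UK HR user both get in. The second half shows, in hypothetical form, the claims-augmentation approach slide 16 lists under custom claim providers: a provider that emits one composite claim only when both source claims are present, so the permission can be granted on that single claim and the OR match then behaves as the intended AND. The Composite claim type, the user identities and their claim values are constructed.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Claim:
    claim_type: str
    value: str


@dataclass
class Identity:
    name: str
    claims: set = field(default_factory=set)


def is_authorized(identity, granted_claims):
    """Models slide 17: SharePoint matches a permission assignment against the
    user's token with OR logic, so holding ANY one granted claim is enough."""
    return any(claim in identity.claims for claim in granted_claims)


def augment_with_composite(identity, composite_type, required):
    """Hypothetical custom claim provider (slide 16, claims augmentation).
    Emits a single composite claim only when the identity holds EVERY required
    source claim; the permission is then granted on that one claim."""
    if all(Claim(t, v) in identity.claims for t, v in required.items()):
        value = "-".join(v for _, v in sorted(required.items()))
        identity.claims.add(Claim(composite_type, value))
    return identity


def us_hr_scenario():
    """Returns (naive_result, augmented_result), each keyed by user name."""
    # Constructed identities: only alice should be authorized as "US HR".
    users = [
        Identity("alice", {Claim("Location", "US"), Claim("Department", "HR")}),
        Identity("bob", {Claim("Location", "US"), Claim("Department", "IT")}),
        Identity("carol", {Claim("Location", "UK"), Claim("Department", "HR")}),
    ]

    # Naive grant: both claims assigned directly to the permission (OR match).
    naive_grant = {Claim("Location", "US"), Claim("Department", "HR")}
    naive = {u.name: is_authorized(u, naive_grant) for u in users}

    # Augmented grant: run the provider, then grant on the composite claim only.
    required = {"Location": "US", "Department": "HR"}
    for u in users:
        augment_with_composite(u, "Composite", required)
    # sorted(required) orders Department before Location, so the value is "HR-US".
    composite_grant = {Claim("Composite", "HR-US")}
    augmented = {u.name: is_authorized(u, composite_grant) for u in users}
    return naive, augmented


if __name__ == "__main__":
    naive, augmented = us_hr_scenario()
    print("OR logic  :", naive)      # bob and carol wrongly admitted
    print("augmented :", augmented)  # only alice admitted
```

The composite claim is computed from the source claims at augmentation time and never supplied by the user, so the AND condition is enforced by the provider rather than by the permission model that cannot express it.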
18. Reference Materials
   • Claims and Security Technical Articles for SharePoint 2010
   • Implementing Claims-Based Authentication with SharePoint Server 2010 (White Paper)
   • A Guide to Claims-Based Identity and Access Control (Patterns & Practices)
   • Custom Claims-Based Security in SharePoint 2010
   • Steve Peschka's Blog: Share-n-dipity
