
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connect you to your partners?

How will SharePoint 2010 allow organizations to collaborate and share knowledge with clients and partners? SharePoint empowers organizations to build extranet sites and partner portals inexpensively and securely. Learn what exactly claims-based authentication is and how to use it. Learn about the new multi-authentication mode in SharePoint 2010. Learn how SharePoint 2010 can help your organization open its doors to its clients and partners securely.


  1. SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connect you to your partners?
     - Brian Culver, MCM, MCPD
     - Solutions Architect
     - Expert Point Solutions
     - 3/23/2010
  2. Session Agenda
     - Extranet Definition
     - Common Extranet Scenarios
     - Extranet Design Considerations & Challenges
     - Claims Based Authentication and other Authentication Scenarios
     - Mixed Mode vs. Multi-Authentication
  3. Extranet - Definition
     - A web application that is shared with external users, such as partners, vendors, and customers
     - Common attributes for an extranet:
       - Sharing a private network or secured network
       - Requires authenticated access, but the identity of the consumer is not always known
       - Has better security controls than an Internet Web application but usually less secure than the Intranet Web application
  4. Common Extranet Scenarios
     - Line of Business Applications
     - Collaboration
     - Static Content or Publishing
     - Isolate and segregate internal data.
     - Authorize to use only sites and data that are necessary for their contributions.
     - Restrict partners from viewing other partners’ data.
     - Target Content
     - Segment content
     - Limit content access and search results based on audience.
     - Remote Employees
     - Partners
     - Vendors & Customers
  5. Extranet Design Considerations & Challenges
     - Network Topology and Access
     - Identity Management
     - Seamless Single Sign-on Experience
     - Content Security and Access
     - Antivirus
     - Client
     - Server
     - Rich Client Experience (Office Integration)
  6. Edge Firewall Topology
     - (diagram labels: Internet, Corporate Network, External Users, Internal Users, SharePoint Farm)
  7. Back-to-Back Perimeter Topology
     - (diagram labels: Internet, Corporate Network, Perimeter, External Users, Internal Users, App Servers, Web Front Ends, Infrastructure Servers)
  8. Split Back-to-Back Topology
     - (diagram labels: Internet, Corporate Network, Perimeter, External Users, Internal Users, WFE, App, Infra, App, Infra)
  9. Security Terms
     - Authentication is the mechanism whereby systems may securely identify their users
     - Creates an identity for security principal
     - Who am I?
     - Authorization is the mechanism by which a system determines what level of access a particular authenticated user should have to secured resources controlled by the system.
     - Determines what resources an identity has access to
     - What can I access?
  10. SharePoint Authentication
     - SharePoint does not authenticate
     - Windows authentication via Windows server and IIS (Kerberos/NTLM)
     - FBA via ASP.NET and authentication providers (SQL, LDAP, etc.)
     - Web SSO via Active Directory Federation Services (ADFS) and other Identity Management Systems
     - SharePoint creates user profiles
     - SPUser object represents security principal
     - User Profile List in Site Collections tracks user profiles
  11. SharePoint 2010 Security
     - SharePoint 2010 changes authentication
     - Uses classic mode and claims based authentication
     - Classic mode is SharePoint 2007 style legacy mode
     - Claims-based authentication is the new security model
     - What are the benefits?
       - Claims decouples SharePoint from the authentication provider
       - Allows SharePoint to support multiple authentication providers per URL
       - Identities can be passed without Kerberos delegation
       - Allows federation between organizations
       - ACLs can be configured with DLs, Audiences and OUs
  12. Identity Normalization
     - (diagram labels: Classic; Claims; NT Token: Windows Identity; NT Token: Windows Identity; SAML 1.1+: ADFS, etc.; ASP.NET (FBA): SQL, LDAP, Custom …; SAML Token; Claims Based Identity; SPUser)
  13. Claims-Based Terminology
     - Identity: security principal used to configure the security policy
     - Claim (Assertion): attribute of an identity (such as Login Name, AD Group, etc.)
     - Issuer: trusted party that creates claims
     - Security Token: serialized set of claims (assertions) about an authenticated user.
     - Issuing Authority: issues security tokens knowing claims desired by target application (AD, ASP.NET, LiveID, etc.)
     - Security Token Service (STS): builds, signs and issues security tokens
     - Relying Party: application that makes authorization decisions based on claims
  14. Claim-based Authentication
  15. Mixed Mode Authentication vs Multi-Authentication
  16. Authentication Scenarios - Mixed Mode
     - (diagram labels: https://extranet.contoso.com, Extranet Zone, Intranet Zone, http://contoso, FBA claims, Windows claims, Remote Employees, Employees)
  17. Authentication Scenarios - Mixed Mode: When to Use It
     - Different scheme for different protocols
     - Intranet HTTP
     - Extranet HTTPS
     - Protecting access from different channels
     - Preventing employees from logging in from home, except the Sales division
     - Dedicate Extranet to vendors only
     - Preferred choice for solutions that require separate environments
     - Publishing Portal authored by employees and consumed by customers
  18. Authentication Scenarios - Multi Authentication
     - (diagram labels: https://Corporate.contoso.com, Intranet Zone, FBA claims, Windows claims, SAML claims, Employees, Vendors, Partners)
  19. Authentication Scenarios - Multi Authentication: When to Use It
     - Same experience for different class of users
     - Single URL
     - Same experience for same users no matter where they access content from:
     - À la Outlook Web Access
     - Preferred choice for cross company collaboration solutions
  20. SharePoint 2010 Beta 2
     - Supported at Beta2
       - Windows-Classic
       - FBA-Claims
       - Anonymous
       - FBA-Claims + Anonymous
     - NOT Ready for deployment at Beta2
       - Windows-Claims
       - SAML-Claims
       - Windows-Claims + FBA-Claims
  21. Questions
  22. Learn More about SharePoint 2010
     - Information for IT Pros at TechNet: http://MSSharePointITPro.com
     - Information for Developers at MSDN: http://MSSharePointDeveloper.com
     - Information for Everyone: http://SharePoint.Microsoft.com
  23. SharePint Anyone?
  24. Sources and Links
     - Geneva Framework A Better Approach For Building Claims-Based WCF Services http://msdn.microsoft.com/en-us/magazine/dd278426.aspx
     - An Introduction to Claims http://msdn.microsoft.com/en-us/library/ff359101.aspx
     - Microsoft SharePoint Conference 2009 http://www.mssharepointconference.com/Pages/default.aspx
     - Identity Management http://msdn.microsoft.com/en-us/security/aa570351.aspx
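
The mixed-mode and multi-authentication layouts from the "Authentication Scenarios" slides, written out as an added PowerShell example that is not part of the original deck. It assumes the released SharePoint 2010 cmdlets, an existing managed account, and an ASP.NET membership and role provider already registered in web.config; the account, pool and provider names are hypothetical, and the SAML claims leg is left out.

```powershell
# Added example, not from the deck. Hypothetical names: CONTOSO\svc-sp-pool,
# ExtranetMembers, ExtranetRoles, and both application pool names.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$poolAccount = Get-SPManagedAccount "CONTOSO\svc-sp-pool"

# One claims provider object per authentication scheme
$windows = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication
$fba     = New-SPAuthenticationProvider `
               -ASPNETMembershipProvider "ExtranetMembers" `
               -ASPNETRoleProviderName   "ExtranetRoles"

# Mixed mode: one scheme per zone, each zone with its own URL.
# Employees use Windows claims on http://contoso (Default zone).
$intranet = New-SPWebApplication -Name "Contoso Intranet" `
    -Url "http://contoso" -Port 80 `
    -ApplicationPool "ContosoIntranetPool" -ApplicationPoolAccount $poolAccount `
    -AuthenticationProvider $windows

# Remote employees use FBA claims on the Extranet zone, HTTPS only.
$intranet | New-SPWebApplicationExtension -Name "Contoso Extranet" `
    -Zone Extranet -Url "https://extranet.contoso.com" -Port 443 `
    -SecureSocketsLayer -AuthenticationProvider $fba

# Multi-authentication: several schemes on a single zone and a single URL.
New-SPWebApplication -Name "Contoso Corporate" `
    -Url "https://corporate.contoso.com" -Port 443 -SecureSocketsLayer `
    -ApplicationPool "ContosoCorporatePool" -ApplicationPoolAccount $poolAccount `
    -AuthenticationProvider $windows, $fba

# Review step: list the providers each zone accepts, so an extranet URL
# that unexpectedly offers Windows authentication stands out.
foreach ($wa in Get-SPWebApplication) {
    foreach ($zone in $wa.IisSettings.Keys) {
        $providers = Get-SPAuthenticationProvider -WebApplication $wa -Zone $zone `
                         -ErrorAction SilentlyContinue
        $names = ($providers | ForEach-Object { $_.DisplayName }) -join ", "
        "{0} [{1}] -> {2}" -f $wa.Url, $zone, $names
    }
}
```

In the mixed-mode layout the zone URL decides which scheme a user meets, so the firewall rules for `extranet.contoso.com` and the provider list on the Extranet zone have to be reviewed together.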