AUTHENTICATION, AUTHORIZATION AND IDENTITY…
IT’S MORE THAN MEETS THE EYE
Scott Hoag and Dan Usher
PRINCETON SHAREPOINT USER GROUP
• Different SharePoint discussions each month on various topics. Announced on meetup.com
• Meets 4th Wednesday of every month
• 6pm – 8pm
• Infragistics Office
• 2 Commerce Drive, Cranbury, NJ
• http://www.meetup.com/princetonSUG
• http://www.princetonsug.com
THANK YOU
EVENT
SPONSORS
• Platinum & Gold sponsors have tables here in the Fireside Lounge
• Please visit them and inquire about their products & services
• To be eligible for prizes make sure your bingo card is signed by all Platinum/Gold
WHO ARE WE?
• Scott Hoag
• @ciphertxt
• Applied Information Sciences
• Infrastructure Consultant
• scott.hoag@appliedis.com
• Dan Usher
• @binarybrewery
• Booz Allen Hamilton Incorporated
• Lead Associate
• usher_daniel@bah.com
HOUSEKEEPING
• Phones silenced, phasers set to stun
• Ask questions
• Please remember to turn in your filled out bingo cards and event evaluations for prizes.
• Follow SharePoint Saturday New Jersey on Twitter @spsnj and hashtag #spsnj
• Do not feed Scott donuts…
THINGS TO COVER
THINGS WE WON’T BE COVERING
http://go.spdan.com/kerberos2010
http://go.spdan.com/kerberos2013
http://go.spdan.com/multihopwinrm
SECURITY
SPOILER ALERT!!!
http://xkcd.com/1240/
SECURITY IN GENERAL
SECURITY CONCERNS IN TODAY’S WORLD
IDENTIFICATION – WHAT IS?
IDENTIFICATION – TYPES OF…
HOW DO WE PROTECT IDENTITY?
AUTHENTICATION – WHAT IS?
AUTHORIZATION – WHAT IS?
• The act of authorizing.
• Permission or power granted by an authority; sanction.
• To give authority or official power to.
• To give authority for; formally sanction (an act or proceeding).
• To establish by authority or usage.
• Sometimes we call it AuthZ.
SECURITY WITH SHAREPOINT
AUTHN – TYPES OF…
• Windows
• NTLM/Kerberos
• Basic
• Anonymous
• Digest
• Client Certificate
• Forms-based Authentication
• Lightweight Directory Access Protocol (LDAP)
• Microsoft SQL Server
• ASP.NET Membership and Role Providers
AUTHN – STILL MORE TYPES OF…
• SAML Token-based Authentication
• Active Directory Federated Services
• 3rd Party Identity Provider
• Lightweight Directory Access Protocol (LDAP)
AUTHENTICATION VS. AUTHORIZATION
AUTHN VS. AUTHZ (CONTINUED)
AUTHENTICATION – CLAIM TERMINOLOGY
• Identity
• Info about a Person or Object (AD, Google, Windows Live, Facebook etc.)
• Claim
• Attributes of the Identity (User ID, Email, Age etc.)
• Token
• Binary Representation of Identity
• Set of Claims and the Signature
• Relying Party (aka RP)
• Uses the Token
• Secure Token Service (STS)
• Issuer of Tokens for Users
• SharePoint 2010 Introduced Claims Authentication
• What is this? http://go.spdan.com/cba
AUTHENTICATION - CLAIMS
WHAT ABOUT CLAIMS IN WINDOWS?
WHAT DOES CLAIMS ENCODING LOOK LIKE?
http://go.spdan.com/claimsencoding
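The slide above only links to a description of SharePoint's claims encoding. As an added example (not from the deck), here is a small parser for the encoded form SharePoint stores in user and group fields (for example i:0#.w|contoso\scott). The structural rules it relies on (identity vs. claim prefix, reserved 0, claim type code, value type code, original issuer code, | separator, and an issuer name for trusted, forms, membership, role and claim providers) are my reading of the public documentation; only a few claim type codes are decoded, the rest are passed through as raw codes, and all sample strings are constructed.

```python
"""Parse SharePoint encoded claims (added example; subset of the public encoding table)."""
import re
from dataclasses import dataclass
from typing import Optional

# Claim type codes decoded here (subset; other codes are passed through as "code:<char>").
CLAIM_TYPE_CODES = {
    "#": "userlogonname",
    "-": "role",
    "+": "groupsid",
    "!": "identityprovider",
}

# Original-issuer codes (assumed from public documentation).
ISSUER_CODES = {
    "w": "windows",
    "s": "sharepoint",            # SharePoint's own/local STS
    "t": "trusted-provider",      # SAML / AD FS style trusted identity provider
    "f": "forms",
    "m": "membership-provider",
    "r": "role-provider",
    "c": "claim-provider",
}

# Issuers whose encoded form carries a provider name before the value (assumption).
NAMED_ISSUERS = {"t", "f", "m", "r", "c"}

# <i|c>:0<type><valuetype><issuer>|<rest>
_PATTERN = re.compile(r"^([ic]):0(.)(.)([a-z])\|(.*)$", re.DOTALL)


@dataclass
class EncodedClaim:
    is_identity: bool          # "i:" identity claim vs "c:" other claim
    claim_type: str            # decoded name or "code:<char>"
    value_type: str            # "string" for ".", else "code:<char>"
    issuer: str                # decoded issuer kind
    issuer_name: Optional[str] # provider name, when the issuer kind carries one
    value: str                 # the actual claim value (login, role, SID, ...)


def parse_encoded_claim(encoded: str) -> EncodedClaim:
    """Decode one encoded claim string; raise ValueError on anything malformed."""
    m = _PATTERN.match(encoded)
    if not m:
        raise ValueError(f"not a SharePoint encoded claim: {encoded!r}")
    kind, type_code, value_code, issuer_code, rest = m.groups()
    issuer = ISSUER_CODES.get(issuer_code)
    if issuer is None:
        raise ValueError(f"unknown issuer code {issuer_code!r} in {encoded!r}")
    issuer_name = None
    if issuer_code in NAMED_ISSUERS:
        if "|" not in rest:
            raise ValueError(f"issuer {issuer} needs a provider name: {encoded!r}")
        issuer_name, rest = rest.split("|", 1)
    return EncodedClaim(
        is_identity=(kind == "i"),
        claim_type=CLAIM_TYPE_CODES.get(type_code, f"code:{type_code}"),
        value_type="string" if value_code == "." else f"code:{value_code}",
        issuer=issuer,
        issuer_name=issuer_name,
        value=rest,
    )


def describe(encoded: str) -> str:
    """One-line human readable summary, useful when reviewing who holds access on a site."""
    c = parse_encoded_claim(encoded)
    who = "identity" if c.is_identity else "claim"
    via = f"{c.issuer}:{c.issuer_name}" if c.issuer_name else c.issuer
    return f"{who} {c.claim_type}={c.value!r} via {via}"


if __name__ == "__main__":
    # Constructed sample strings in the shapes SharePoint produces.
    for s in ["i:0#.w|contoso\\scott", "c:0-.f|rolemgr|admins",
              "c:0+.w|S-1-5-21-111-222-333-513", "c:0!.s|windows"]:
        print(describe(s))
```

Running the script prints one summary line per sample; a permission review script can use parse_encoded_claim to tell a Windows login from a forms or SAML identity before deciding whether an entry in a site group is expected.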
BASICS OF SHAREPOINT CLASSIC AUTHN
Source: http://go.spdan.com/iisauth (ASP.NET Authentication)
BASICS OF SHAREPOINT CLAIMS AUTHN
1. Resource Requested
2. AuthN Request / Redirect
3. AuthN Request
4. Security Token
5. Security Token Request
6. Service Token
7. Resource Request w/Service Token
8. Resource Sent
Actors in the diagram: Identity Provider Security Token Service (aka IP-STS); SharePoint 2010 (aka RP)
SIDE STORY
A SHAREPOINT CONSULTANT ENTERS A BAR…
AUTHN - MEMBERSHIP & ROLE PROVIDERS
AUTHN – CUSTOM IDENTITY PROVIDER
AUTHN - PROXY SERVER
AUTHN - DIRECT ACCESS
WINDOWS AZURE ACTIVE DIRECTORY
IDENTITY PROVIDERS
https://sts.domain.com
AUTHZ
SHAREPOINT AUTHZ
Diagram: Anonymous -> Authentication -> Is In Site Group? -> Does user have claim attribute? -> Web Application / Site Collection -> Secured Site / Site Collection / Content -> Content Repository -> Content
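The eight-step claims flow on the earlier slide (IP-STS issues a security token, SharePoint's own STS exchanges it for a service token, the RP consumes that) and the AuthZ diagram above (authentication first, then site-group membership decided by claim attributes) are shown together below as an added, self-contained simulation; it is not code from the deck or from SharePoint. Signatures are HMAC-SHA256 over the token body with a per-STS secret, standing in for the X.509 signatures a real AD FS or SharePoint STS uses; the realm, audience strings, site groups, permission levels and sample claims are all constructed, and the IP-STS name reuses the https://sts.domain.com address from the slides.

```python
"""Claims authentication flow (IP-STS -> SharePoint STS -> RP) plus claim-based AuthZ.
Added example; HMAC stands in for X.509 token signatures."""
import hashlib
import hmac
import json

REALM = "https://sharepoint.contoso.local"   # assumed RP realm (audience of the service token)
SP_STS_AUDIENCE = "urn:sharepoint:sts"       # assumed audience of the IP-STS security token


def _sign(key: bytes, body: dict) -> str:
    """Sign a canonical JSON encoding of the token body (stand-in for an XML/X.509 signature)."""
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


class SecurityTokenService:
    """Issues signed tokens; both the IP-STS and SharePoint's STS are instances."""

    def __init__(self, name: str, key: bytes, lifetime: int = 600):
        self.name, self.key, self.lifetime = name, key, lifetime

    def issue(self, subject: str, claims: dict, audience: str, now: float) -> dict:
        body = {"iss": self.name, "aud": audience, "sub": subject,
                "exp": now + self.lifetime, "claims": claims}
        return {"body": body, "sig": _sign(self.key, body)}


def validate(token: dict, trusted: dict, audience: str, now: float) -> dict:
    """RP-side checks: trusted issuer, intact signature, intended audience, not expired."""
    body = token["body"]
    key = trusted.get(body.get("iss"))
    if key is None:
        raise ValueError("untrusted issuer")
    if not hmac.compare_digest(_sign(key, body), token["sig"]):
        raise ValueError("bad signature")
    if body.get("aud") != audience:
        raise ValueError("wrong audience")
    if body.get("exp", 0) <= now:
        raise ValueError("token expired")
    return body


IP_STS = SecurityTokenService("https://sts.domain.com", b"ip-sts-demo-key")   # key constructed
SP_STS = SecurityTokenService("sharepoint-sts", b"sp-sts-demo-key")           # key constructed

# AuthZ: site groups are populated by claim attributes, not by individual names (constructed).
SITE_GROUPS = {"Visitors": {"role": "employees"},
               "Members": {"role": "project-x"},
               "Owners": {"role": "site-admins"}}
PERMISSIONS = {"Visitors": {"read"},
               "Members": {"read", "contribute"},
               "Owners": {"read", "contribute", "full-control"}}


def site_groups_for(claims: dict) -> set:
    """'Is in site group?' answered by 'does the user have the claim attribute?'."""
    return {g for g, req in SITE_GROUPS.items()
            if all(v in claims.get(k, []) for k, v in req.items())}


def authorize(claims: dict, action: str) -> bool:
    allowed = set().union(*(PERMISSIONS[g] for g in site_groups_for(claims)))
    return action in allowed


def exchange_for_service_token(ip_token: dict, now: float) -> dict:
    """Steps 5-6: SharePoint STS validates the IP-STS token, augments claims, issues a service token."""
    body = validate(ip_token, {IP_STS.name: IP_STS.key}, SP_STS_AUDIENCE, now)
    claims = {k: list(v) for k, v in body["claims"].items()}
    claims["isauthenticated"] = ["true"]      # claim augmentation by the local STS
    return SP_STS.issue(body["sub"], claims, REALM, now)


def request_resource(user: str, claims: dict, action: str, now: float,
                     tamper=None, validate_at: float = None):
    """Run steps 1-8; return (HTTP-style status, list of steps taken)."""
    steps = ["1 resource requested", "2 authn request / redirect", "3 authn request"]
    ip_token = IP_STS.issue(user, claims, SP_STS_AUDIENCE, now)
    steps += ["4 security token", "5 security token request"]
    try:
        service_token = exchange_for_service_token(ip_token, now)
        steps.append("6 service token")
        if tamper:                                 # simulate a token altered in transit
            tamper(service_token)
        steps.append("7 resource request w/ service token")
        body = validate(service_token, {SP_STS.name: SP_STS.key}, REALM,
                        now if validate_at is None else validate_at)
    except ValueError as err:
        steps.append(f"rejected: {err}")
        return 401, steps
    if not authorize(body["claims"], action):
        steps.append("8 access denied")
        return 403, steps
    steps.append("8 resource sent")
    return 200, steps


if __name__ == "__main__":
    status, trace = request_resource("contoso\\scott", {"role": ["employees", "project-x"]},
                                     "contribute", now=1000.0)
    print(status, *trace, sep="\n  ")
```

The two validators trust different issuers: the SharePoint STS trusts the IP-STS, and the RP trusts only its own STS, which is why a token that skips the exchange or is altered after issue is rejected before any AuthZ decision is made. Membership in a site group is derived from claim attributes each time, so removing a role at the identity provider takes effect at the next token issue without editing the site.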
AUTHZ - LIMITING ACCESS CONTROL
AUTHZ - OFFICE 365 AND EXTERNAL USERS
EXPECT THE UNEXPECTED
REAL WORLD
WHAT DO I DO WHERE?
SECURITY IN THE REAL WORLD
• Expect the unexpected
• People will find a way to circumvent your security
• Give users minimal permission
• Starting with less is good
• Add functionality through permission as needed
• Be prepared to secure at all levels
• Web Application
• Site Collection
• Site
• List or Library
• Item
• Use roles from Provider
• Active Directory Groups
• Membership and Role Provider Roles
• Claims
QUESTIONS
CATCH UP WITH US…
Usher_Daniel@bah.com
@binarybrewery
www.sharepointdan.com
Scott.hoag@appliedis.com
@ciphertxt
http://psconfig.com