How to deploy SharePoint to Extranet Users? Raphael Londner, Silicon Valley SharePoint User Group, 02/10/2011
© RL Soft 2011 Who am I? SharePoint, .NET, SQL Server, AD… since 2001 Founder of RL Soft www.rl-soft.com www.rl-soft.com/en/blog @rlondner www.youtube.com/xtrashare
Agenda
  Definition and Scenarios
  Extranet Network Topologies
  Identity Management in SharePoint
  Claims-Based Authentication
  SharePoint 2010 Authentication Options
  XtraShare for SharePoint Highlight
Extranet - Definition
A web application shared with external users, such as partners, vendors, customers, community users, industry peers...
Typical attributes of an extranet:
  Has stronger security controls than an Internet web site but usually fewer than an Intranet: it is reachable from the Internet, but every user is identified and authorized
Extranet Design Considerations: network topologies and identity management

Edge Firewall Topology
  Pros: least amount of hardware, software and configuration; the data lives in a single place (one farm, inside the corporate network)
  Cons: a single firewall between the corporate network and the Internet; a compromised web front end is already inside the corporate network

Back-to-back Perimeter Topology
  Pros: isolated extranet farm; external user access is confined to the perimeter network
  Cons: additional network infrastructure, hardware, software licenses...

Split Back-to-back Perimeter Topology
  Pros: single SQL Server store; the SQL Server and application servers stay in the corporate network, only the web front ends sit in the perimeter
  Cons: increased complexity (domain trusts between the perimeter and corporate domains, firewall rules for the SQL and service traffic that must cross the inner firewall...)
Terminology
  Authentication: creates an identity for a security principal (Who am I?)
  Authorization: determines which resources a user has access to (What can I access?)
  SharePoint does not authenticate (IIS, the ASP.NET providers or a trusted STS do) but it does authorize
  SharePoint creates user profiles (SPUser), stored in the User Information List at the site collection level

SharePoint 2001: Windows Server 2000 / IIS 5.0, ASP 3.0, Windows Authentication (Active Directory)

SharePoint 2003: Windows Server 2003 / IIS 6.0, ASP.NET 1.1 (2.0 with SP1), Windows Authentication (Active Directory)

SharePoint 2007: Windows Server 2003/2008, IIS 6.0/7.0, ASP.NET 2.0
  Windows Authentication (Active Directory)
  Forms-Based Authentication (FBA): lets users sign in through a web form; built on the ASP.NET 2.0 Membership Provider / Role Manager, so users can be authenticated against "any" user store (Web SSO via ADFS, LDAP, SQL...)
  One authentication method per SharePoint zone

SharePoint 2010: Windows Server 2008/2008 R2, IIS 7.0/7.5, ASP.NET 3.5
  Windows Authentication (AD)
  Claims-Based Authentication (CBA), built on Windows Identity Foundation (WIF)
  Multiple authentication methods per SharePoint zone (URL)
  Standards-based (WS-Trust, WS-Federation, SAML)
  Automatic, secure identity delegation between SharePoint services
What is Claims-Based Authentication?
Your applications are prisoners: each one owns its Login.aspx, is bound to its own credential stores, credential types / APIs and user attribute stores, and cannot easily accept a user from anywhere else.
Identity in real life externalizes authentication: you present a document issued by a party the other side trusts, and they get the user information from the document.
Claims can set your applications free: an Identity Provider (STS) issues a Security Token containing Claims, and the Relying Party (your application) consumes it.
Claims demo (the link in the original deck points to a YouTube video).
CBA Terminology
  Identity: security principal used to configure the security policy
  Claim (assertion): attribute of an identity (such as login name, first name, gender, age, etc.)
  Issuer: trusted party that creates claims
  Security token: serialized (and signed) set of claims (assertions) about an authenticated user
  Issuing authority: issues security tokens, knowing which claims the target application wants (AD, ASP.NET, LiveID, etc.)
  Security Token Service (STS): builds, signs and issues security tokens
  Relying party: application that makes authorization decisions based on claims
SharePoint 2007 vs SharePoint 2010 identity flow (diagram)
  2007: each authentication method (Windows integrated, ASP.NET FBA through Membership & Role providers, Web SSO) yields a different identity (Windows identity or roles-protected ASP.NET identity); anonymous access is handled separately; calls to back-end services run as a Windows identity / trusted sub-systems
  2010: the same methods (Windows, ASP.NET FBA, SAML Web SSO) are normalized by WIF and the SharePoint STS (SP-STS) into one claims-based identity; the web application, its claims-aware and claims-protected service applications and the content database all consume that single identity

Externalizing Authentication - Overview (Fabrikam enterprise, Farm-A, users Jill and Frank; the SharePoint web applications trust the SharePoint-STS)
  1. The user attempts access
  2. The web application redirects to the STS for authentication
  2.1 The STS authenticates the user (Windows claims)
  2.2 The STS augments the claims
  3. The STS posts the token {SP-Token} back to the web application
  3.1 The web application extracts the claims and constructs the IClaimsPrincipal

Externalizing Authentication - In Detail (diagram): browser client, IIS, ASP.NET, WS-Federation Authentication Module, Windows Authentication Module, WS-Federation Passive Serializer, Session Authentication Module, Cookie Management and the SharePoint-STS (Security Token Service); steps 1 to 7 move the request through these modules and step 8 returns the session cookie (FedAuth) to the browser.

Claims-Based Authentication Process (diagram)
Sign-In Methods
Sign-in methods supported in SP 2010:
  Classic mode: NT token -> Windows identity -> SPUser
  Claims mode: NT token (Windows identity), SAML 1.1+ (ADFS, custom, etc.) or ASP.NET FBA (SQL, LDAP, custom...) -> SAML token -> claims-based identity -> SPUser
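The slide above lists the three claims sign-in methods; what a practitioner actually meets afterwards is the encoded login name SharePoint 2010 stores for each of them. The following PowerShell is an added example, not code from the deck or from RL Soft; it assumes a web application at https://extranet.contoso.com, an FBA membership provider named "SQLmembership", a trusted identity token issuer named "Fabrikam ADFS" and a SharePoint group "Extranet Visitors", all of which are placeholders.

```powershell
# Added example (not from the deck): how SharePoint 2010 encodes the three claims
# sign-in methods into the SPUser login names it stores and authorizes against.
# Assumed names: web app https://extranet.contoso.com, FBA membership provider
# "SQLmembership", trusted identity token issuer "Fabrikam ADFS".
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$web = Get-SPWeb "https://extranet.contoso.com"

# Windows claims: NT token -> Windows identity, encoded as i:0#.w|contoso\jill
$jill = New-SPClaimsPrincipal -Identity "CONTOSO\jill" -IdentityType WindowsSamAccountName

# FBA claims: "<membership provider name>:<user name>" (the provider prefix is required),
# encoded as i:0#.f|sqlmembership|frank
$frank = New-SPClaimsPrincipal -Identity "SQLmembership:frank" -IdentityType FormsUser

# SAML claims: the identifier claim issued by the trusted provider, encoded as
# i:05.t|fabrikam adfs|frank@fabrikam.com ("05" = e-mail address identifier claim)
$issuer    = Get-SPTrustedIdentityTokenIssuer "Fabrikam ADFS"
$frankSaml = New-SPClaimsPrincipal -Identity "frank@fabrikam.com" -TrustedIdentityTokenIssuer $issuer

foreach ($p in $jill, $frank, $frankSaml) {
    "{0,-45} {1}" -f $p.ToEncodedString(), $p.Value
}

# Authorization still happens inside SharePoint: the encoded string is what you grant
# permissions to. Frank's FBA identity and Frank's SAML identity are two distinct SPUsers,
# so a permission given to one is not inherited by the other.
New-SPUser -UserAlias $frank.ToEncodedString()     -Web $web -Group "Extranet Visitors"
New-SPUser -UserAlias $frankSaml.ToEncodedString() -Web $web -Group "Extranet Visitors"

# Check what SharePoint stored in the site collection's User Information List:
# the login name, not the display name, is the authorization key.
Get-SPUser -Web $web -Limit All |
    Where-Object { $_.UserLogin -like "i:0#.f|*" -or $_.UserLogin -like "i:05.t|*" } |
    Select-Object UserLogin, DisplayName, Email
$web.Dispose()
```

The provider name is lowercased in the encoded string, so a provider renamed in web.config after users were added leaves orphaned SPUser entries that no longer match any login; that is the first thing to check when an extranet user "loses" access after a configuration change.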
Mixed-Mode Authentication
  Pros: authentication is automatic (each URL has exactly one provider, so the user is never asked to pick one)
  Cons: one URL per authentication provider

Mixed-Mode Scenario
  Intranet zone http://contoso: Windows claims, used by employees
  Extranet zone https://extranet.contoso.com: FBA claims, used by remote employees

Mixed-Mode: when to use it
  Different protocols on different channels: Intranet (HTTP), Extranet (HTTPS)
  Isolation of authentication providers: dedicate the Extranet zone to partners only
  Internet sites / publishing portal: authored by employees, consumed by customers

Multi-Mode Authentication
  Pros: single URL
  Cons: a single sign-in page asks the user to choose the authentication type

Multi-Mode Scenario
  Intranet zone https://Corporate.contoso.com: Windows claims (employees), FBA claims (vendors), SAML claims (partners)

Multi-Mode: when to use it
  Single experience for different classes of users; single URL experience
  Partner collaboration sites
  Federation between two organizations
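Both scenarios above come down to which SPAuthenticationProvider objects are bound to which zone of a web application. The following PowerShell is an added example, not code from the deck or from RL Soft; it assumes a managed account CONTOSO\spapppool, FBA providers named "SQLmembership" and "SQLrolemanager" already declared in the relevant web.config files, and an existing trusted issuer named "Fabrikam ADFS", all placeholders.

```powershell
# Added example (not from the deck): provisioning the mixed-mode and multi-mode
# scenarios with the SharePoint 2010 cmdlets. Assumed names: managed account
# CONTOSO\spapppool, FBA providers "SQLmembership"/"SQLrolemanager", trusted issuer
# "Fabrikam ADFS", URLs contoso / extranet.contoso.com / corporate.contoso.com.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$pool = Get-SPManagedAccount "CONTOSO\spapppool"

# One SPAuthenticationProvider object per sign-in method
$windows = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication
$forms   = New-SPAuthenticationProvider -ASPNETMembershipProvider "SQLmembership" -ASPNETRoleProviderName "SQLrolemanager"
$saml    = New-SPAuthenticationProvider -TrustedIdentityTokenIssuer (Get-SPTrustedIdentityTokenIssuer "Fabrikam ADFS")

# --- Mixed mode: one provider per zone/URL, no sign-in selection page ---
# Passing -AuthenticationProvider is what makes the web application claims-based;
# without it New-SPWebApplication creates a classic-mode (Windows only) application.
$intranet = New-SPWebApplication -Name "Contoso Intranet" -Url "http://contoso" -Port 80 `
    -ApplicationPool "ContosoIntranetPool" -ApplicationPoolAccount $pool `
    -DatabaseName "WSS_Content_Contoso" -AuthenticationProvider $windows

# Extend the same content into a second zone: HTTPS only, FBA only, for remote employees
New-SPWebApplicationExtension -Identity $intranet -Name "Contoso Extranet" -Zone Extranet `
    -Url "https://extranet.contoso.com" -Port 443 -SecureSocketsLayer `
    -HostHeader "extranet.contoso.com" -AuthenticationProvider $forms

# --- Multi mode: one URL, several providers, the user picks the sign-in method ---
$corporate = New-SPWebApplication -Name "Contoso Corporate" -Url "https://corporate.contoso.com" -Port 443 `
    -SecureSocketsLayer -HostHeader "corporate.contoso.com" `
    -ApplicationPool "ContosoCorporatePool" -ApplicationPoolAccount $pool `
    -DatabaseName "WSS_Content_Corporate" -AuthenticationProvider $windows, $forms, $saml

# Verify which providers are bound to which zone: this is the check to run before
# opening the firewall rule that exposes a zone to the Internet.
foreach ($wa in $intranet, $corporate) {
    foreach ($zone in $wa.IisSettings.Keys) {
        $names = (Get-SPAuthenticationProvider -WebApplication $wa -Zone $zone |
                  ForEach-Object { $_.DisplayName }) -join ", "
        "{0,-20} {1,-9} {2,-40} {3}" -f $wa.DisplayName, $zone, $wa.IisSettings[$zone].ServerComment, $names
    }
}
```

The cmdlets only record the provider names on the zone; the membership and role provider entries themselves still have to be added to the web.config of the web application, of Central Administration and of the SecurityTokenServiceApplication (the "3 web.config files" the deck mentions later), and the FBA zone must be the HTTPS one, since forms credentials travel in clear text otherwise.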
ASP.NET Providers
Microsoft provides several OOTB providers: Active Directory, LDAP, ASP.NET SQL Database, ADFS (WebSSO). You can write your own too!
Added in web.config files:
<system.web>
  <membership>
    <providers>
      <add .../>
    </providers>
  </membership>
</system.web>
Active Directory Membership Provider
<add name="ADMembershipProvider"
     type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
     connectionStringName="ADConnection"
     connectionUsername="domain\account"
     connectionPassword="password"
     attributeMapUsername="sAMAccountName" />
<connectionStrings>
  <add name="ADConnection" connectionString="LDAP://DomainController.local/DC=DomainController,DC=local" />
</connectionStrings>
Note: no role provider seems to be available...
Caveat: connectionUsername / connectionPassword sit in clear text in every web.config that carries the provider (web application, Central Administration, STS). Give that account read-only rights in the directory and encrypt the <membership> and <connectionStrings> sections with aspnet_regiis -pe, or omit both attributes so the provider binds as the application pool identity instead.
LDAP Membership Provider / Role Manager
<add name="LDAPmembership"
     type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
     server="redmond.corp.microsoft.com" port="389" useSSL="false"
     userDNAttribute="distinguishedName" userNameAttribute="sAMAccountName"
     userContainer="OU=UserAccounts,DC=redmond,DC=corp,DC=microsoft,DC=com"
     userObjectClass="person" userFilter="(&amp;(ObjectClass=person))" scope="Subtree"
     otherRequiredUserAttributes="sn,givenname,cn" />
<add name="LDAProlemanager"
     type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
     server="redmond.corp.microsoft.com" port="389" useSSL="false"
     groupContainer="DC=redmond,DC=corp,DC=microsoft,DC=com"
     groupNameAttribute="cn" groupNameAlternateSearchAttribute="samAccountName"
     groupMemberAttribute="member" userNameAttribute="sAMAccountName" dnAttribute="distinguishedName"
     groupFilter="(&amp;(ObjectClass=group))" userFilter="(&amp;(ObjectClass=person))" scope="Subtree" />
Note: only available with MOSS 2007 or SharePoint Server 2010 (not WSS 3.0 / SharePoint Foundation 2010). The role manager entry goes under <roleManager><providers>, not <membership>.
Caveat: port="389" with useSSL="false" sends the users' passwords (simple bind) and every directory query in clear text between the web front ends and the directory; in an extranet use port="636" with useSSL="true".
ASP.NET DB Membership Provider
<add name="SQLmembership"
     type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
     connectionStringName="FBAConnectionStr"
     enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true"
     passwordAttemptWindow="10" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" />
<add name="SQLrolemanager"
     type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
     connectionStringName="FBAConnectionStr" applicationName="/" />
<connectionStrings>
  <add name="FBAConnectionStr" connectionString="server=yourserver;database=aspnetdb;Trusted_Connection=True" providerName="" />
</connectionStrings>
Note: passwordFormat="Hashed" with enablePasswordRetrieval="false" is the right combination (the database never holds recoverable passwords); passwordAttemptWindow works together with maxInvalidPasswordAttempts (default 5) and is what gives you the account lockout an extranet needs. Trusted_Connection=True means the application pool identity of every web.config that hosts the provider (web application, Central Administration, STS) needs a login on the aspnetdb database.
ADFS Membership Provider
<add name="SingleSignOnMembershipProvider2"
     type="System.Web.Security.SingleSignOn.SingleSignOnMembershipProvider2, System.Web.Security.SingleSignOn.PartialTrust, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
     fs="https://fs-server/adfs/fs/federationserverservice.asmx" />
Challenges in extranet scenarios
  Graceful, branded login page
  Ability to delegate user management to business users or external users
  Self-service capability: password reminder, password reset, profile management
  Registration forms: activation links, Captcha, etc.
  Automated notifications
  Account lockout mechanism
  Identity confidentiality (one partner must not be able to enumerate another partner's users)

Windows Claims in Extranet Scenarios
  Pros: OOTB support in SharePoint security
  Cons: separate AD / network / farm for the extranet; managed by IT (not business users); no OOTB self-service capability; no OOTB user management delegation; requires the ASP.NET AD provider (or FIM 2010) to avoid the dreaded Basic Authentication prompt

FBA Claims in Extranet Scenarios
  Pros: lightweight footprint on the infrastructure; flexibility (development)
  Cons: many manual configuration steps (3 web.config files to update... at least: the web application, Central Administration and the SecurityTokenServiceApplication); hard to troubleshoot; Steve Peschka on the MS SharePoint blog: "Admittedly, there are many steps involved in configuring multiple authentication providers for SharePoint"; no OOTB full name resolution; no self-service capability / delegated administration...

Trusted Provider Claims in Extranet Scenarios
  Pros: easier configuration; reusability (across other applications); it's the future of authentication (OpenID/OAuth...)
  Cons: new technology, hence scarce skilled resources; development complexity
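The "easier configuration" of a trusted provider is a handful of cmdlets, and the security of the whole arrangement rests on two of their parameters: the token-signing certificate SharePoint will accept and the realm (audience) it expects in every token. The following PowerShell is an added example, not code from the deck or from RL Soft; it assumes an AD FS 2.0 instance at fs.fabrikam.com whose token-signing certificate was exported to C:\certs\fabrikam-adfs-signing.cer, the relying-party identifier urn:sharepoint:extranet and a web application at https://extranet.contoso.com, all placeholders.

```powershell
# Added example (not from the deck): registering an AD FS 2.0 instance as a SAML
# trusted identity provider for SharePoint 2010. Assumed: signing cert exported to
# C:\certs\fabrikam-adfs-signing.cer, AD FS at fs.fabrikam.com, relying-party
# identifier urn:sharepoint:extranet, web application https://extranet.contoso.com.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# 1. Trust the issuer's token-signing certificate: only tokens signed by this key are accepted.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\certs\fabrikam-adfs-signing.cer")
New-SPTrustedRootAuthority -Name "Fabrikam ADFS Token Signing" -Certificate $cert | Out-Null

# 2. Choose which incoming claims SharePoint keeps. The identifier claim becomes the
#    SPUser login name, so it must be something the IdP guarantees unique and immutable.
$email = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" `
    -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$role  = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" `
    -IncomingClaimTypeDisplayName "Role" -SameAsIncoming

# 3. Register the issuer. -Realm is the audience (wtrealm) SharePoint requires in the
#    token; AD FS must issue for exactly this identifier or the token is rejected,
#    which is what stops a token minted for another relying party from being replayed here.
$issuer = New-SPTrustedIdentityTokenIssuer -Name "Fabrikam ADFS" -Description "Fabrikam partner users" `
    -Realm "urn:sharepoint:extranet" -ImportTrustCertificate $cert `
    -ClaimsMappings $email, $role -SignInUrl "https://fs.fabrikam.com/adfs/ls" `
    -IdentifierClaim $email.InputClaimType

# 4. Bind it to the zone, keeping whatever providers are already there (multi-mode).
$wa       = Get-SPWebApplication "https://extranet.contoso.com"
$existing = @(Get-SPAuthenticationProvider -WebApplication $wa -Zone Default)
$trusted  = New-SPAuthenticationProvider -TrustedIdentityTokenIssuer $issuer
Set-SPWebApplication -Identity $wa -Zone Default -AuthenticationProvider ($existing + $trusted)

# 5. Operational check: AD FS rolls its token-signing certificate automatically; when it
#    does, every sign-in fails until the new certificate is imported here.
$issuer = Get-SPTrustedIdentityTokenIssuer "Fabrikam ADFS"
"Trusted signing cert {0}, expires {1:yyyy-MM-dd}" -f $issuer.SigningCertificate.Thumbprint, $issuer.SigningCertificate.NotAfter
# After a rollover: Set-SPTrustedIdentityTokenIssuer -Identity $issuer -ImportTrustCertificate $newCert
```

Mapping the role claim is what lets SharePoint groups and permission levels be granted to an AD FS group rather than to individual e-mail addresses, which is the piece of "reusability" that keeps partner on-boarding on the partner's side of the federation.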
Extranet Best Practices
  Branded sites: use an anonymous top-level site collection with a custom login web part; secure content in sub-sites or, even better, in separate site collections
  User multi-tenancy: do NOT use sub-sites, because the User Information List lives at the site collection level and is always available in the People Picker control for ALL users of that site collection; use one site collection per external organization
  Implement a filtering mechanism in the People Picker control: stsadm -o setproperty -pn peoplepicker-searchadcustomquery for AD; custom filtering in the Find...() methods (FindUsersByName, FindUsersByEmail) of an ASP.NET membership provider
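Applying the multi-tenancy and People Picker recommendations above takes a managed path, a site collection per organization and two web-application properties. The following PowerShell is an added example, not code from the deck or from RL Soft; it assumes an extranet web application at https://extranet.contoso.com, partner organizations named fabrikam and adatum, an AD group CN=ExtranetUsers,OU=Groups,DC=contoso,DC=com and a site owner CONTOSO\spadmin, all placeholders.

```powershell
# Added example (not from the deck): one site collection per external organization plus
# People Picker filtering. Assumed: web app https://extranet.contoso.com, partner orgs
# fabrikam and adatum, AD group ExtranetUsers, owner CONTOSO\spadmin.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$extranetUrl = "https://extranet.contoso.com"
$wa    = Get-SPWebApplication $extranetUrl
$owner = (New-SPClaimsPrincipal "CONTOSO\spadmin" -IdentityType WindowsSamAccountName).ToEncodedString()

# One site collection per external organization (not sub-sites): each gets its own
# User Information List, so partner A never sees partner B's users in the picker.
New-SPManagedPath -RelativeURL "partners" -WebApplication $wa | Out-Null
foreach ($org in "fabrikam", "adatum") {
    New-SPSite -Url "$extranetUrl/partners/$org" -Name "$org extranet" -OwnerAlias $owner `
        -Template "STS#0" -Language 1033 | Out-Null
}

$stsadm = Join-Path $env:CommonProgramFiles "Microsoft Shared\Web Server Extensions\14\BIN\stsadm.exe"

# AD side: the picker only returns accounts matching this LDAP filter (the extranet
# group), so internal employees are not discoverable from the extranet web application.
& $stsadm -o setproperty -pn peoplepicker-searchadcustomquery `
    -pv "(memberOf=CN=ExtranetUsers,OU=Groups,DC=contoso,DC=com)" -url $extranetUrl

# FBA/SAML side: restrict the picker to users already present in the current site
# collection, the built-in counterpart of the Find...() filtering a custom provider would do.
& $stsadm -o setproperty -pn peoplepicker-onlysearchwithinsitecollection -pv yes -url $extranetUrl

# Verify what the web application now stores (both properties are web-application wide,
# so they apply to every zone of this web application, not only the extranet URL).
$wa = Get-SPWebApplication $extranetUrl
"AD custom query   : {0}" -f $wa.PeoplePickerSettings.ActiveDirectoryCustomQuery
"Only within site  : {0}" -f $wa.PeoplePickerSettings.OnlySearchWithinSiteCollection
```

Once peoplepicker-onlysearchwithinsitecollection is set, the picker no longer discovers users who are not yet members of the site collection, so on-boarding has to be done by exact login name (New-SPUser, or a registration workflow) rather than by browsing; that is the intended trade-off for identity confidentiality between partners.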
Setting up a SharePoint Extranet is complex...
...but XtraShare delivers SharePoint Extranets for the Masses!

XtraShare for SharePoint: a fully-packaged, tightly integrated extranet enablement solution for companies of all sizes

A Fully Packaged Solution - key automation benefits
  Technical expertise is no longer needed
  Point-and-click installer
  Full automation of:
    Administration site provisioned at installation time
    Creation of the user store (SQL DB) from the SharePoint UI
    Complex modifications of configuration files
    CBA web application configuration
    Web Parts deployment

CloudStudio User manual (basic edition):comworks
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 

Recently uploaded (20)

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 

How to deploy SharePoint 2010 to external users?

  • 1. How to deploy SharePoint to Extranet Users? Raphael Londner, Silicon Valley SharePoint User Group, 02/10/2011
  • 2. © RL Soft 2011 Who am I? SharePoint, .NET, SQL Server, AD… since 2001 Founder of RL Soft www.rl-soft.com www.rl-soft.com/en/blog @rlondner www.youtube.com/xtrashare
  • 3. Agenda
    Definition and Scenarios
    Extranet Network Topologies
    Identity Management in SharePoint
    Claims-Based Authentication
    SharePoint 2010 Authentication Options
    XtraShare for SharePoint Highlight
  • 7. Extranet Design Considerations: Network Topologies; Identity Management
  • 9. Edge Firewall Topology
    Pros: the least amount of hardware, software and configuration; a single point of data.
    Cons: a single firewall between the corporate network and the Internet.
  • 10. Back-to-back Perimeter
    Pros: an isolated extranet farm; external user access is isolated to the perimeter network.
    Cons: additional network infrastructure, hardware, software licenses…
  • 11. Split back-to-back Perimeter
    Pros: a single SQL Server store; application servers (only) stay in the corporate network.
    Cons: increased complexity (domain trusts…).
  • 13. Terminology
    Authentication creates an identity for a security principal (who am I?).
    Authorization determines which resources a user has access to (what can I access?).
    SharePoint does not authenticate but does authorize: it creates user profiles (SPUser), stored in the User Information List at the site collection level.
  • 14. SharePoint 2001: Windows Server 2000 / IIS 5.0, ASP 3.0; Windows Authentication (Active Directory).
  • 15. SharePoint 2003: Windows Server 2003 / IIS 6.0, ASP.NET 1.1 (2.0 w/ SP1); Windows Authentication (Active Directory).
  • 16. SharePoint 2007: Windows Server 2003/2008, IIS 6.0/7.0, ASP.NET 2.0.
    Windows Authentication (Active Directory).
    Forms-Based Authentication (FBA): allows users to connect through a web form. Built on the ASP.NET 2.0 Membership Provider / Role Manager, so it can authenticate users against "any" user store (Web SSO (ADFS), LDAP, SQL…).
    One authentication method per SharePoint zone.
  • 17. SharePoint 2010: Windows Server 2008/2008 R2, IIS 7.0/7.5, ASP.NET 3.5.
    Windows Authentication (AD).
    Claims-Based Authentication (CBA), built on Windows Identity Foundation (WIF): multiple authentication methods per SharePoint zone (URL); standards-based (WS-Trust, SAML); automatic, secure identity delegation.
  • 19. What is Claims-Based Authentication? Your applications are prisoners! (Diagram: each application carries its own Login.aspx and Page1.aspx, its own credential stores, credential types / APIs and user attribute stores.)
  • 20. Identity in real life externalizes authentication (diagram: the party that needs to know who you are does not verify it itself; it gets the user info from the identity document).
  • 21. Claims can set your applications free (diagram: the Identity Provider's STS issues a Security Token carrying Claims to the Relying Party).
  • 22. Claims demo (yes, you can click on the link, it's a YouTube video).
  • 23. CBA Terminology
    Identity: security principal used to configure the security policy.
    Claim (assertion): attribute of an identity (such as login name, first name, gender, age, etc.).
    Issuer: trusted party that creates claims.
    Security token: serialized set of claims (assertions) about an authenticated user.
    Issuing authority: issues security tokens, knowing the claims desired by the target application (AD, ASP.NET, Live ID, etc.).
    Security Token Service (STS): builds, signs and issues security tokens.
    Relying party: application that makes authorization decisions based on claims.
  • 24. SharePoint 2007 – Identity Flow vs. SharePoint 2010 – Identity Flow (diagram). 2007 labels: Windows integrated, ASP.NET (FBA) with membership & role providers, SAML Web SSO, anonymous access; access control is Windows-identity or roles-protected; app logic, then the content database. 2010 labels: the same authentication methods feed WIF and the SharePoint STS (SP-STS) to produce one claims-based identity; the SharePoint web application, service application framework and service applications are claims-aware and claims-protected, calling each other as trusted sub-systems down to the content database.
  • 25. Externalizing Authentication - Overview (diagram: Fabrikam Enterprise, Farm-A, users Jill and Frank; the SharePoint web applications trust the SharePoint-STS, which issues Windows claims).
    1. The user attempts access.
    2. The web application redirects to the STS for authentication.
      2.1 The STS authenticates the user.
      2.2 The STS augments the claims.
    3. The token {SP-Token} is posted to the web application.
      3.1 The web application extracts the claims and constructs an IClaimsPrincipal.
  • 26. Externalizing Authentication – In Detail (diagram of the IIS / ASP.NET pipeline, steps 1-7: browser client, Windows Authentication Module, WS-Federation Authentication Module, WS-Federation Passive Serializer, Session Authentication Module, Cookie Management, and the SharePoint-STS web application's Security Token Service; step 8: the session cookie returned to the browser).
  • 27. Claims-Based Authentication Process (diagram).
  • 29. Sign-In Methods supported in SP 2010
    Classic mode: NT token → Windows identity → SPUser.
    Claims mode: NT token (Windows identity), SAML 1.1+ (ADFS, custom, etc.) or ASP.NET FBA (SQL, LDAP, custom…) → SAML token → claims-based identity → SPUser.
  • 30. Mixed-Mode Authentication
    Pros: automated authentication (no prompt to pick a method).
    Cons: a single URL per authentication provider.
  • 31. Mixed-Mode Scenario
    https://extranet.contoso.com (Extranet zone): FBA claims, for remote employees.
    http://contoso (Intranet zone): Windows claims, for employees.
  • 32. Mixed-Mode: When to use it
    Different protocols on different channels: Intranet (HTTP), Extranet (HTTPS).
    Isolation of authentication providers: dedicate the extranet to partners only.
    Internet sites / publishing portal: authored by employees, consumed by customers.
  • 33. Multi-Mode Authentication
    Pros: a single URL.
    Cons: users get a single prompt asking which authentication type to use.
  • 34. Multi-Mode Scenario
    https://Corporate.contoso.com (Intranet zone): FBA claims, Windows claims and SAML claims on one URL, serving employees, vendors and partners.
  • 35. Multi-Mode: When to use it
    A single experience for different classes of users (single URL experience).
    Partner collaboration sites.
    Federation between two organizations.
  • 36. ASP.NET Providers
    Microsoft provides several OOTB providers: Active Directory, LDAP, ASP.NET SQL Database, ADFS (WebSSO). You can write your own too!
    Added in web.config files:
      <system.web>
        <membership>
          <providers>
            <add …/>
          </providers>
        </membership>
      </system.web>
  • 37. Active Directory Membership Provider
      <add name="ADMembershipProvider"
           type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           connectionStringName="ADConnection"
           connectionUsername="domain\account"
           connectionPassword="password"
           attributeMapUsername="SAMAccountName" />
      <connectionStrings>
        <add name="ADConnection" connectionString="LDAP://DomainController.local/DC=DomainController,DC=local" />
      </connectionStrings>
    Note: no role provider seems to be available…
  • 38. LDAP Membership Provider / Role Manager
      <add name="LDAPmembership"
           type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
           server="redmond.corp.microsoft.com" port="389" useSSL="false"
           userDNAttribute="distinguishedName" userNameAttribute="sAMAccountName"
           userContainer="OU=UserAccounts,DC=redmond,DC=corp,DC=microsoft,DC=com"
           userObjectClass="person" userFilter="(&amp;(ObjectClass=person))"
           scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn" />
      <add name="LDAProlemanager"
           type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
           server="redmond.corp.microsoft.com" port="389" useSSL="false"
           groupContainer="DC=redmond,DC=corp,DC=microsoft,DC=com"
           groupNameAttribute="cn" groupNameAlternateSearchAttribute="samAccountName"
           groupMemberAttribute="member" userNameAttribute="sAMAccountName"
           dnAttribute="distinguishedName"
           groupFilter="(&amp;(ObjectClass=group))" userFilter="(&amp;(ObjectClass=person))"
           scope="Subtree" />
    Note: only available with MOSS 2007 or SharePoint Server 2010 (not WSS 3.0 / SharePoint Foundation 2010).
  • 39. ASP.NET DB Membership Provider
      <add name="SQLmembership"
           type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           connectionStringName="FBAConnectionStr"
           enablePasswordRetrieval="false" enablePasswordReset="true"
           requiresQuestionAndAnswer="true" passwordAttemptWindow="10"
           applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" />
      <add name="SQLrolemanager"
           type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           connectionStringName="FBAConnectionStr" applicationName="/" />
      <connectionStrings>
        <add name="FBAConnectionStr" connectionString="server=yourserver;database=aspnetdb;Trusted_Connection=True" providerName="" />
      </connectionStrings>
  • 40. ADFS Membership Provider
      <add name="SingleSignOnMembershipProvider2"
           type="System.Web.Security.SingleSignOn.SingleSignOnMembershipProvider2, System.Web.Security.SingleSignOn.PartialTrust, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
           fs="https://fs-server/adfs/fs/federationserverservice.asmx" />
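The provider entries above only register the providers with ASP.NET; SharePoint must still be told which zone uses which sign-in method. The following SharePoint 2010 Management Shell script is an added example, not part of the original deck, and wires the SQL providers of slide 39 into a claims web application the way slides 30 and 31 describe: Windows claims on the Default zone, FBA claims on an Extranet zone (mixed mode, one provider per URL). The application pool account, URLs and content database name are placeholders. The script does not edit web.config: the membership and role provider entries must also exist in the web.config of the web application, of Central Administration and of the SecurityTokenServiceApplication site before FBA sign-in works.

```powershell
# Added example: SharePoint 2010 Management Shell, run as a farm administrator.
# Placeholders (not from the deck): CONTOSO\spapppool, the URLs, the database name.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# One SPAuthenticationProvider object per sign-in method. The provider names
# must match the name="" attributes of the web.config entries.
$windows = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication
$fba     = New-SPAuthenticationProvider -ASPNETMembershipProvider "SQLmembership" `
                                        -ASPNETRoleProviderName  "SQLrolemanager"

# Default zone: Windows claims only (intranet, HTTP). Passing -AuthenticationProvider
# to New-SPWebApplication creates the web application in claims mode, not classic mode.
$wa = New-SPWebApplication -Name "Contoso Portal" `
        -ApplicationPool "ContosoPortalAppPool" `
        -ApplicationPoolAccount (Get-SPManagedAccount "CONTOSO\spapppool") `
        -Url "http://contoso" -Port 80 -HostHeader "contoso" `
        -DatabaseName "WSS_Content_Contoso" `
        -AuthenticationProvider $windows

# Extranet zone: same content, second URL over HTTPS, FBA claims only. With a
# single provider on the zone, remote users go straight to the forms login page
# and never see the Windows / Basic authentication prompt.
New-SPWebApplicationExtension -Identity $wa -Name "Contoso Extranet" `
        -Zone Extranet -Url "https://extranet.contoso.com" -Port 443 `
        -HostHeader "extranet.contoso.com" -SecureSocketsLayer `
        -AuthenticationProvider $fba

# Multi-mode variant (slides 33 and 34): several providers on one zone. Users
# then get SharePoint's sign-in page asking which method to use.
# Set-SPWebApplication -Identity $wa -Zone Default -AuthenticationProvider $windows, $fba

# Check: each zone lists exactly the providers intended, nothing more.
foreach ($zone in "Default", "Extranet") {
    $providers = Get-SPAuthenticationProvider -WebApplication $wa -Zone $zone
    "{0,-9} {1}" -f $zone, (($providers | ForEach-Object { $_.DisplayName }) -join ", ")
}
```

The final loop is the check worth keeping in a deployment script: a zone that unexpectedly carries the Windows provider is exactly what produces the Basic Authentication prompt slide 42 warns about.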
  • 41. Challenges in extranet scenarios
    A graceful, branded login page.
    Ability to delegate user management to business users or external users.
    Self-service capability: password reminder, password reset, profile management.
    Registration forms: activation links, Captcha, etc.
    Automated notifications.
    Account lockout mechanism.
    Identity confidentiality.
  • 42. Windows Claims in Extranet Scenarios
    Pros: OOTB support in SharePoint; security.
    Cons: a separate AD/network/farm for the extranet, managed by IT (not business users); no OOTB self-service capability; no OOTB user management delegation; requires the ASP.NET AD provider (or FIM 2010) to avoid the dreaded Basic Authentication prompt.
  • 43. FBA Claims in Extranet Scenarios
    Pros: lightweight footprint on the infrastructure; flexibility (development).
    Cons: many manual configuration steps (3 web.config files to update… at least!); hard to troubleshoot. Steve Peschka on the MS SharePoint blog: "Admittedly, there are many steps involved in configuring multiple authentication providers for SharePoint". No OOTB full name resolution; no self-service capability / delegated administration…
  • 44. Trusted Provider Claims in Extranet Scenarios
    Pros: easier configuration; reusability (across other applications); it's the future of authentication (OpenID/OAuth…).
    Cons: new technology, so skilled resources are scarce; development complexity.
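What "easier configuration" looks like for a trusted provider: the script below is an added example, not the deck's own material, registering an ADFS 2.0 STS as a SharePoint 2010 trusted identity token issuer and adding it next to FBA on the Extranet zone (the multi-mode scenario of slide 34). The ADFS host name, certificate path, realm, issuer name and membership provider names are placeholders; the relying-party trust on the ADFS side (same realm, same claim rules) is assumed to exist and is not shown.

```powershell
# Added example: SharePoint 2010 Management Shell, run as a farm administrator.
# Placeholders: fs.contoso.com, C:\certs\adfs-token-signing.cer, urn:sharepoint:extranet.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Token-signing certificate exported from ADFS (public key only). SharePoint
# checks the signature of every incoming SAML token against it; without the
# root authority entry the token is rejected even if the mapping is right.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
            "C:\certs\adfs-token-signing.cer")
New-SPTrustedRootAuthority -Name "ADFS Token Signing" -Certificate $cert

# Map incoming claim types to SharePoint claim types. E-mail is the identifier
# claim (it becomes the user's login name); role is what you grant permissions to.
$emailType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
$roleType  = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
$emailMap  = New-SPClaimTypeMapping -IncomingClaimType $emailType `
                 -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$roleMap   = New-SPClaimTypeMapping -IncomingClaimType $roleType `
                 -IncomingClaimTypeDisplayName "Role" -SameAsIncoming

# The trust itself. Realm must equal the relying-party identifier configured in ADFS;
# SignInUrl is where SharePoint redirects unauthenticated users (WS-Federation passive,
# the "2. Redirect to STS for auth" step of slide 25, with ADFS as the STS).
$issuer = New-SPTrustedIdentityTokenIssuer -Name "Contoso ADFS" `
            -Description "Partner federation through ADFS 2.0" `
            -Realm "urn:sharepoint:extranet" `
            -ImportTrustCertificate $cert `
            -ClaimsMappings $emailMap, $roleMap `
            -SignInUrl "https://fs.contoso.com/adfs/ls/" `
            -IdentifierClaim $emailMap.InputClaimType

# Multi-mode on the Extranet zone: FBA and SAML claims on the same URL.
# "http://contoso" is assumed to be the web application's Default-zone URL.
$wa   = Get-SPWebApplication "http://contoso"
$fba  = New-SPAuthenticationProvider -ASPNETMembershipProvider "SQLmembership" `
                                     -ASPNETRoleProviderName  "SQLrolemanager"
$saml = New-SPAuthenticationProvider -TrustedIdentityTokenIssuer $issuer
Set-SPWebApplication -Identity $wa -Zone Extranet -AuthenticationProvider $fba, $saml

# What a federated user is to SharePoint: an encoded claim, not a Windows account.
# The string below (prefix i:, claim-type code, .t for trusted issuer, issuer name,
# claim value) is what you grant permissions to or pass as -OwnerAlias to New-SPSite.
$jill = New-SPClaimsPrincipal -ClaimValue "jill@fabrikam.com" -ClaimType $emailType `
                              -TrustedIdentityTokenIssuer $issuer
$jill.ToEncodedString()
```

Two caveats a practitioner hits immediately: SharePoint only trusts tokens whose claim types appear in the mappings, so an ADFS claim rule that emits UPN instead of e-mail produces a token that validates but yields no usable identity; and SharePoint 2010 has no OOTB claims provider for a trusted issuer, so the People Picker resolves whatever is typed without checking it against the identity provider (the "no OOTB full name resolution" problem of slide 43 applies here too).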
  • 45. Extranet Best Practices
    Branded sites: use an anonymous top-level site collection with a custom login web part; secure content in sub-sites or, even better, in separate site collections.
    User multi-tenancy: do NOT use sub-sites. The User Information List lives at the site collection level and is always available in the People Picker control for ALL users of that site collection, so use one site collection per external organization.
    Implement a filtering mechanism in the People Picker control: for AD, the peoplepicker-searchadcustomquery property (stsadm -o setproperty -pn peoplepicker-searchadcustomquery -pv "<LDAP filter>" -url <web application URL>); for an ASP.NET membership provider, custom filtering in its Find…() methods.
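The two multi-tenancy practices above, one site collection per external organization and a filtered People Picker, as an added example that is not part of the original deck. It assumes the Extranet zone of slide 31, an FBA membership provider named SQLmembership (slide 39), a partner user "jill" in it, and an AD group CN=ExtranetUsers,OU=Groups,DC=contoso,DC=com; all of these are placeholders.

```powershell
# Added example: SharePoint 2010 Management Shell, run as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$extranetUrl = "https://extranet.contoso.com"   # placeholder Extranet-zone URL

# Claims-mode identity of an FBA user: "<membership provider name>:<user name>".
# The provider name must match the name="" of the web.config entry (slide 39).
$owner = New-SPClaimsPrincipal -Identity "SQLmembership:jill" -IdentityType FormsUser

# A separate site collection per partner, never a sub-site: the User Information
# List (and so the set of names the picker offers as "known users") is scoped to
# this site collection, so Fabrikam users never see Contoso's other partners.
New-SPSite -Url "$extranetUrl/sites/fabrikam" -Template "STS#0" `
           -Name "Fabrikam collaboration" `
           -OwnerAlias $owner.ToEncodedString()

# People Picker filter for AD searches on this web application: only accounts
# that are members of the extranet group resolve, so an external user typing a
# partial name cannot enumerate the corporate directory from the picker.
& stsadm -o setproperty -url $extranetUrl `
         -pn peoplepicker-searchadcustomquery `
         -pv "(memberOf=CN=ExtranetUsers,OU=Groups,DC=contoso,DC=com)"

# Check what is actually in effect (the property is per web application, so
# extending a web application to a new zone does not carry it over).
& stsadm -o getproperty -url $extranetUrl -pn peoplepicker-searchadcustomquery
```

The LDAP filter only narrows the AD search; users of the FBA or trusted providers are resolved by those providers, which is why the slide separately calls for filtering inside the membership provider's Find…() methods.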
  • 47. Setting up a SharePoint Extranet is complex…
  • 48. …but XtraShare delivers SharePoint Extranets for the Masses!
  • 49. XtraShare for SharePoint: a fully-packaged, tightly integrated extranet enablement solution for companies of all sizes
  • 51. Technical expertise is no longer needed
  • 54. Administration Site provisioned at installation time
  • 55. Creates the user store (SQL DB) from the SharePoint UI
  • 56. Complex modifications of configuration files
  • 57. CBA web application configuration
  • 59. Adds a Login Web Part on home page for anonymous sites
  • 61. Management site integrated in SharePoint Central Administration
  • 62. Configuration, FBA activation, user/group management
  • 63. Site template for delegated user management
  • 67. Mass import/update of users (Object Model)
  • 75. Deciphering the XtraShare "Magic": inside the XtraShare installer
    Installation of 3 SharePoint solutions: administration, end-user web parts, site templates.
    Deployment of the membership/role providers to the GAC.
    Creation of the Administration Site.
    Central Administration CBA readiness: web.config modifications to support the membership/role providers.
    SiteMap update of Central Administration: modification of admin.sitemap for easy navigation.
    Resource files deployment: deployed to the CA App_GlobalResources folder.
  • 76. Partner Opportunities: how to customize XtraShare
    Object model / web service to interact with the XtraShare objects (users/groups…).
    Full source code of the web parts provided upon request.
    Extensible event trigger mechanism, useful to implement registration workflows.
  • 77. Thanks to…
    Brian Culver's Extranet presentation: http://www.slideshare.net/bculver/sharepoint-2010-extranets-and-authentication-how-will-sharepoint-2010-connect-you-to-your-partners
    SharePoint 2010 Unleashed (by Michael Noel): http://www.amazon.com/Microsoft-SharePoint-2010-Unleashed-Michael/dp/0672333252
    Windows Identity Foundation Training Kit: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c3e315fa-94e2-4028-99cb-904369f177c0
    Extranet Topologies for SharePoint 2010: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=EB4BFF25-BABA-4112-B518-F2FC442D5467
  • 78. References
    An Introduction to Claims: http://msdn.microsoft.com/en-us/library/ff359101.aspx
    Windows Identity Foundation: http://msdn.microsoft.com/en-us/security/aa570351.aspx
    Plan authentication methods (SP 2010): http://technet.microsoft.com/en-us/library/cc262350.aspx
  • 79. If you want to know more… Contact us at info@rl-soft.com. Download and evaluate XtraShare at http://www.rl-soft.com

Editor's Notes

  1. Authentication = the mechanism whereby systems may securely identify their users. Authorization = the mechanism by which a system determines what level of access a particular authenticated user should have to secured resources controlled by the system.