Steven Van de Craen, profile picture
Uploaded bySteven Van de Craen
PPTX, PDF663 views

SPSBE 2013 Claims for devs

This document provides an overview of claims-based authentication and authorization in SharePoint. It discusses authentication versus authorization, security tokens and claims, the different authentication options in SharePoint including classic and claims-based modes, and how cookies and expiration work. It also covers claims encoding, demos of creating custom login pages and claims providers, and resources for further information.

Embed presentation

Downloaded 13 times
Claims for devs #spsbe Steven Van de Craen
Thanks to our Sponsors Platinum Gold Silver
About me Steven Van de Craen Ventigrate SharePoint enthousiast Since 2005
Overview • AuthN – AuthZ • Tokens and Claims • What about SharePoint • Passive sign-in • Cookies and expiration • Encoding • #demos • Wrap-up • Resources
AuthN - AuthZ • What is Authentication? Process of determining whether someone is who he declares to be I am @vandest1 • What is Authorization? Process of determining whether someone has the permission to do something I have Read permissions on this site VS
Tokens and Claims • What is a Claim? Information such as name, e-mail, age, group membership, etc. • What is Identity? Set of attributes to describe a user • Security Token User Identity as a set of claims
What about SharePoint • Classic or Claims • Three authentication options  Windows – NTLM/Kerberos/Basic transformed into a Windows token  Forms Based Authentication – Membership and Role Provider, typical extranet with SQL or LDAP as underlying store  Trusted Identity – Outsource authentication to an Identity Provider (WLID, ADFS, custom) • C2WTS Converts classic and claims users to a Windows token for systems that aren’t claims aware
Passive sign-in An Identity Provider (IdP) is an authority that makes claims about an entity An identity provider implements a Security Token Service (STS), which issues tokens The Relying Party (your application) needs to decide which “claim” it trusts Facebook: “Steven is 18 years old” Social Services: “Steven is 29 years old” SAML 1.1 required http://msdn.microsoft.com/en-us/magazine/ff872350.aspx
Cookies and expiration • Persistent vs Session • Single Sign On for Office clients, WebDAV • Configurable on the SharePoint STS • SharePoint 2013 Distributed Cache Stores the security token issued by a Secure Token Service. Any web server can access the security token from the cache, authenticate the user and provide access to the resources requested.
Encoding • Classic Windows: DOMAINusername FBA: myprovider:username • Claims Windows: i:0#.w|domainusername FBA: i:0#.f|myprovider:username • Microsoft.SharePoint.Administration.Cla ims SPClaim SPClaimProviderManager .DecodeClaim/.EncodeClaim
http://www.wictorwilen.se/Post/How-Claims-encoding-works-in-SharePoint-2010.aspx
#demos • Create a custom login page Multiple authentication: automatic redirect Simple audit logging Update SPUser display name and email • Create a custom Security Token Service Provide centralized authentication for many Relying Parties Single sign on across Relying Parties Can have pluggable authentication model with multiple providers • Create a custom claim provider Augment – Provide additional claims for the identity Resolution – Allow name resolution for People Picker Use claims for normalization or authorization (claims based security)
Multiple authentication Use claims for securing content Single sign on across RPs and apps Decouple authentication from SharePoint Recommended authentication model for SharePoint Wrap-up
Resources  Implementing Claims-Based Authentication with SharePoint Server 2010 – http://bit.ly/ozwB17  Claims authentication against Windows Live ID for SharePoint 2010 – http://bit.ly/aXKMCp  Converting EPiServer 6 to use claims-based authentication with WIF – http://bit.ly/c71Ipl  Ventigrate Codeplex: External User Management – http://bit.ly/JMtpc4  Claims Walkthrough: Writing Claims Providers for SharePoint 2010 – http://bit.ly/aNPypt  The Identity Guy – http://bit.ly/qYhItd  How Claims encoding works in SharePoint 2010 – http://bit.ly/yqpwR7  How to Get All User Claims at Claims Augmentation Time in SharePoint 2010 – http://bit.ly/gX3V3p  Custom Security Token Service (WIF 4.5) – http://bit.ly/14fGzb5  How to make use of a custom IP-STS with SharePoint 2010 – http://bit.ly/Y7OnJB
THANK YOU Steven Van de Craen EMAIL: steven.vandecraen@ventigrate.be BLOG: http://www.sharepointblogs.be/blogs/vandest TWITTER: @vandest1

More Related Content

PDF
SharePoint Saturday The Conference DC - Are you who you say you are share poi...
byLiam Cleary [MVP]
 
PPTX
T28 implementing adfs and hybrid share point
byThorbjørn Værp
 
PPTX
SharePoint, ADFS and Claims Auth
byKashif Imran
 
PPTX
Claims Based Authentication A Beginners Guide
byPhuong Nguyen
 
PDF
Understanding Claim based Authentication
byMohammad Yousri
 
PPTX
Claim Based Authentication in SharePoint 2010 for Community Day 2011
byJoris Poelmans
 
PDF
Difference between authentication and authorization in asp.net
byUmar Ali
 
KEY
Authentication Using Twitter, Google, Facebook, And More
byBilly Cravens
 
SharePoint Saturday The Conference DC - Are you who you say you are share poi...
byLiam Cleary [MVP]
 
T28 implementing adfs and hybrid share point
byThorbjørn Værp
 
SharePoint, ADFS and Claims Auth
byKashif Imran
 
Claims Based Authentication A Beginners Guide
byPhuong Nguyen
 
Understanding Claim based Authentication
byMohammad Yousri
 
Claim Based Authentication in SharePoint 2010 for Community Day 2011
byJoris Poelmans
 
Difference between authentication and authorization in asp.net
byUmar Ali
 
Authentication Using Twitter, Google, Facebook, And More
byBilly Cravens
 

What's hot

PDF
SharePoint Saturday The Conference DC - How the bcs saved my marriage
byLiam Cleary [MVP]
 
PPTX
DDD Melbourne 2014 security in ASP.Net Web API 2
byPratik Khasnabis
 
PPTX
SharePoint Saturday Toronto July 2012 - Antonio Maio
byAntonioMaio2
 
PPTX
A Developer's Introduction to Azure Active Directory B2C
byJohn Garland
 
PPTX
Understanding Security for Oracle WebLogic Server
byHojjat Abedie
 
PPTX
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
byLiam Cleary [MVP]
 
PPTX
Authentication and Authorization in Asp.Net
byShivanand Arur
 
PPTX
Presentation
byLaxman Kumar
 
PDF
Ymens - Cloud Identity Crisis - Dev Talks 2015
byVlad Mihnea
 
PDF
SharePoint Saturday The Conference DC - How the client object model saved the...
byLiam Cleary [MVP]
 
DOCX
Screen short
bymadhukarreddy007
 
PPTX
Extending SharePoint 2010 to your customers and partners
byCorey Roth
 
PPTX
The bits and pieces of Azure AD B2C
byAnton Staykov
 
PPTX
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
byChris Gillum
 
PPT
SSO_Good_Bad_Ugly
bySteve Markey
 
PDF
OAuth 2.0 Misconceptions
byCory Forsyth
 
PPTX
Browser Security 101
byStormpath
 
PDF
Securing Web Applications with Token Authentication
byStormpath
 
PPTX
K8s idm-devfest
byMarc Boorshtein
 
PDF
Colabora.dk - Azure PTA vs ADFS vs Desktop SSO
byPeter Selch Dahl
 
SharePoint Saturday The Conference DC - How the bcs saved my marriage
byLiam Cleary [MVP]
 
DDD Melbourne 2014 security in ASP.Net Web API 2
byPratik Khasnabis
 
SharePoint Saturday Toronto July 2012 - Antonio Maio
byAntonioMaio2
 
A Developer's Introduction to Azure Active Directory B2C
byJohn Garland
 
Understanding Security for Oracle WebLogic Server
byHojjat Abedie
 
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
byLiam Cleary [MVP]
 
Authentication and Authorization in Asp.Net
byShivanand Arur
 
Presentation
byLaxman Kumar
 
Ymens - Cloud Identity Crisis - Dev Talks 2015
byVlad Mihnea
 
SharePoint Saturday The Conference DC - How the client object model saved the...
byLiam Cleary [MVP]
 
Screen short
bymadhukarreddy007
 
Extending SharePoint 2010 to your customers and partners
byCorey Roth
 
The bits and pieces of Azure AD B2C
byAnton Staykov
 
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
byChris Gillum
 
SSO_Good_Bad_Ugly
bySteve Markey
 
OAuth 2.0 Misconceptions
byCory Forsyth
 
Browser Security 101
byStormpath
 
Securing Web Applications with Token Authentication
byStormpath
 
K8s idm-devfest
byMarc Boorshtein
 
Colabora.dk - Azure PTA vs ADFS vs Desktop SSO
byPeter Selch Dahl
 

Similar to SPSBE 2013 Claims for devs

PPTX
DD109 Claims Based AuthN in SharePoint 2010
bySpencer Harbar
 
PPTX
Extending Authentication and Authorization
byEdin Kapic
 
PPTX
SharePoint Authentication And Authorization SPTechCon San Francisco
byLiam Cleary [MVP]
 
PPTX
ESPC15 - Extending Authentication and Authorization
byEdin Kapic
 
PPTX
SharePoint Saturday Austin - Share point authentication and authorization
byLiam Cleary [MVP]
 
PDF
Developing custom claim providers to enable authorization in share point an...
byAntonioMaio2
 
PPTX
Claims Based Identity In Share Point 2010
bySteve Sofian
 
PPTX
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
byBrian Culver
 
PPTX
SharePoint Access Control and Claims Based Authentication
byJonathan Schultz
 
PDF
Introduction to claims based authentication in share point 2010
byOfficience
 
PDF
Claims based authentication in SharePoint 2010 - SharePoint Saturday Vietnam
byOfficience
 
PPTX
Share point security 101 sps-ottawa 2012 - antonio maio
byAntonioMaio2
 
PPTX
Authentication, Authorization, and Identity – More than meets the eye…
byScott Hoag
 
PPTX
Claims Authentication in SharePoint 2010
byNathan DeWitt
 
PDF
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
byBrian Culver
 
PPTX
Claims Based Authentication in SharePoint 2010
byJonathan Schultz
 
PPTX
How to deploy SharePoint 2010 to external users?
byrlsoft
 
PDF
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
byNCCOMMS
 
PDF
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
byAntonioMaio2
 
PPTX
The Who, What, Why and How of Active Directory Federation Services (AD FS)
byJay Simcox
 
DD109 Claims Based AuthN in SharePoint 2010
bySpencer Harbar
 
Extending Authentication and Authorization
byEdin Kapic
 
SharePoint Authentication And Authorization SPTechCon San Francisco
byLiam Cleary [MVP]
 
ESPC15 - Extending Authentication and Authorization
byEdin Kapic
 
SharePoint Saturday Austin - Share point authentication and authorization
byLiam Cleary [MVP]
 
Developing custom claim providers to enable authorization in share point an...
byAntonioMaio2
 
Claims Based Identity In Share Point 2010
bySteve Sofian
 
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
byBrian Culver
 
SharePoint Access Control and Claims Based Authentication
byJonathan Schultz
 
Introduction to claims based authentication in share point 2010
byOfficience
 
Claims based authentication in SharePoint 2010 - SharePoint Saturday Vietnam
byOfficience
 
Share point security 101 sps-ottawa 2012 - antonio maio
byAntonioMaio2
 
Authentication, Authorization, and Identity – More than meets the eye…
byScott Hoag
 
Claims Authentication in SharePoint 2010
byNathan DeWitt
 
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
byBrian Culver
 
Claims Based Authentication in SharePoint 2010
byJonathan Schultz
 
How to deploy SharePoint 2010 to external users?
byrlsoft
 
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
byNCCOMMS
 
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
byAntonioMaio2
 
The Who, What, Why and How of Active Directory Federation Services (AD FS)
byJay Simcox
 

Recently uploaded

PPTX
Working Session — Build a Document Understanding Automation Using an OOTB ML ...
byDianaGray10
 
PDF
Chapter 4 Network Security in computer security
byGetnet Tigabie Askale -(GM)
 
PDF
The Emergence of Empathic XR: AWE Asia 2026 keynote
byMark Billinghurst
 
PPTX
TechSprint Inauguration at SJB Institute of Technology held on 18 December 2025
bysuhasspgdg
 
PPTX
Retrieval Augmented Generation- The Synergistic Power of Prompt Engineering
bySemantic SEO BD
 
PDF
Understanding Foldable 3-Wheel Electric Scooters for Everyday Use
byTopmate
 
PDF
GenerationAI Paris 2025 | City of Light (COL)
byapidays
 
PPTX
How Does an ICO Launchpad Work Step-by-Step Breakdown.pptx
byTom Hardy S
 
PDF
Startup Formation Collapses While Acquisition Activity Hits New High!
byMemoori
 
PDF
AI and Zero Trust: What it takes to do it right
byMark Simos
 
PDF
BEP-20 Token on BNB Chain: From Concept to Deployment.pdf
byimoliviabennett
 
PDF
Track Phone Location via Number (2026)_ What Actually Works, What’s a Scam, a...
byEmily Woods
 
PDF
The Enterprise Web3 Landscape - a view from Kaleido based on the past 10 year...
byPeter Broadhurst
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 2
byDianaGray10
 
PDF
Post Quantum Cryptography for Dummies.pdf
byAde Ismail Isnan
 
PDF
GenerationAI Paris 2025 | How Agentic AI is Reinventing Organizations
byapidays
 
PDF
Mount File Systems using UUID and Label - RHCSA (RH134).pdf
byLinuxCert Guru
 
PDF
What Is the Azure AI Foundry and Why Does It Matter for Enterprises?
byjohncarterjn
 
PDF
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
PDF
OpenCharacter AI Reviews: Features, Plans, and Best Alternative
byOpenCharacter AI
 
Working Session — Build a Document Understanding Automation Using an OOTB ML ...
byDianaGray10
 
Chapter 4 Network Security in computer security
byGetnet Tigabie Askale -(GM)
 
The Emergence of Empathic XR: AWE Asia 2026 keynote
byMark Billinghurst
 
TechSprint Inauguration at SJB Institute of Technology held on 18 December 2025
bysuhasspgdg
 
Retrieval Augmented Generation- The Synergistic Power of Prompt Engineering
bySemantic SEO BD
 
Understanding Foldable 3-Wheel Electric Scooters for Everyday Use
byTopmate
 
GenerationAI Paris 2025 | City of Light (COL)
byapidays
 
How Does an ICO Launchpad Work Step-by-Step Breakdown.pptx
byTom Hardy S
 
Startup Formation Collapses While Acquisition Activity Hits New High!
byMemoori
 
AI and Zero Trust: What it takes to do it right
byMark Simos
 
BEP-20 Token on BNB Chain: From Concept to Deployment.pdf
byimoliviabennett
 
Track Phone Location via Number (2026)_ What Actually Works, What’s a Scam, a...
byEmily Woods
 
The Enterprise Web3 Landscape - a view from Kaleido based on the past 10 year...
byPeter Broadhurst
 
UiPath Automation Developer Associate Training Series 2026 - Session 2
byDianaGray10
 
Post Quantum Cryptography for Dummies.pdf
byAde Ismail Isnan
 
GenerationAI Paris 2025 | How Agentic AI is Reinventing Organizations
byapidays
 
Mount File Systems using UUID and Label - RHCSA (RH134).pdf
byLinuxCert Guru
 
What Is the Azure AI Foundry and Why Does It Matter for Enterprises?
byjohncarterjn
 
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
OpenCharacter AI Reviews: Features, Plans, and Best Alternative
byOpenCharacter AI
 

SPSBE 2013 Claims for devs

  • 1.
  • 2.
  • 3.
    About me Steven Van deCraen Ventigrate SharePoint enthousiast Since 2005
  • 4.
    Overview • AuthN– AuthZ • Tokens and Claims • What about SharePoint • Passive sign-in • Cookies and expiration • Encoding • #demos • Wrap-up • Resources
  • 5.
    AuthN - AuthZ • Whatis Authentication? Process of determining whether someone is who he declares to be I am @vandest1 • What is Authorization? Process of determining whether someone has the permission to do something I have Read permissions on this site VS
  • 6.
    Tokens and Claims • Whatis a Claim? Information such as name, e-mail, age, group membership, etc. • What is Identity? Set of attributes to describe a user • Security Token User Identity as a set of claims
  • 7.
    What about SharePoint • Classicor Claims • Three authentication options  Windows – NTLM/Kerberos/Basic transformed into a Windows token  Forms Based Authentication – Membership and Role Provider, typical extranet with SQL or LDAP as underlying store  Trusted Identity – Outsource authentication to an Identity Provider (WLID, ADFS, custom) • C2WTS Converts classic and claims users to a Windows token for systems that aren’t claims aware
  • 8.
    Passive sign-in An Identity Provider(IdP) is an authority that makes claims about an entity An identity provider implements a Security Token Service (STS), which issues tokens The Relying Party (your application) needs to decide which “claim” it trusts Facebook: “Steven is 18 years old” Social Services: “Steven is 29 years old” SAML 1.1 required http://msdn.microsoft.com/en-us/magazine/ff872350.aspx
  • 9.
    Cookies and expiration • Persistentvs Session • Single Sign On for Office clients, WebDAV • Configurable on the SharePoint STS • SharePoint 2013 Distributed Cache Stores the security token issued by a Secure Token Service. Any web server can access the security token from the cache, authenticate the user and provide access to the resources requested.
  • 10.
    Encoding • Classic Windows:DOMAINusername FBA: myprovider:username • Claims Windows: i:0#.w|domainusername FBA: i:0#.f|myprovider:username • Microsoft.SharePoint.Administration.Cla ims SPClaim SPClaimProviderManager .DecodeClaim/.EncodeClaim
  • 11.
  • 12.
    #demos • Createa custom login page Multiple authentication: automatic redirect Simple audit logging Update SPUser display name and email • Create a custom Security Token Service Provide centralized authentication for many Relying Parties Single sign on across Relying Parties Can have pluggable authentication model with multiple providers • Create a custom claim provider Augment – Provide additional claims for the identity Resolution – Allow name resolution for People Picker Use claims for normalization or authorization (claims based security)
  • 13.
    Multiple authentication Use claimsfor securing content Single sign on across RPs and apps Decouple authentication from SharePoint Recommended authentication model for SharePoint Wrap-up
  • 14.
    Resources  ImplementingClaims-Based Authentication with SharePoint Server 2010 – http://bit.ly/ozwB17  Claims authentication against Windows Live ID for SharePoint 2010 – http://bit.ly/aXKMCp  Converting EPiServer 6 to use claims-based authentication with WIF – http://bit.ly/c71Ipl  Ventigrate Codeplex: External User Management – http://bit.ly/JMtpc4  Claims Walkthrough: Writing Claims Providers for SharePoint 2010 – http://bit.ly/aNPypt  The Identity Guy – http://bit.ly/qYhItd  How Claims encoding works in SharePoint 2010 – http://bit.ly/yqpwR7  How to Get All User Claims at Claims Augmentation Time in SharePoint 2010 – http://bit.ly/gX3V3p  Custom Security Token Service (WIF 4.5) – http://bit.ly/14fGzb5  How to make use of a custom IP-STS with SharePoint 2010 – http://bit.ly/Y7OnJB
  • 15.
    THANK YOU Steven Vande Craen EMAIL: steven.vandecraen@ventigrate.be BLOG: http://www.sharepointblogs.be/blogs/vandest TWITTER: @vandest1

Editor's Notes

  • #2 Template may not be modified Twitter hashtag: #spsbe for all sessions
  • #16 Please use a picture of yourself in a mountain/cloudscene