Authentication and Authorization in SharePoint 2013

Hi SharePoint friends,

Today I am going to give you a short and sweet overview of authentication and authorization in SharePoint 2013 and the improvements made in this version. The contents of this post are taken from various sites and MSDN.

What is authentication in SharePoint?

Authentication is performed by a provider that validates the identity of a user who requests access to the web application. Once the identity is validated, the authenticated user is issued a security token that encapsulates a set of claims-based assertions about the user; this token is then used to verify the set of permissions assigned to the user.

What is authorization in SharePoint?

Authorization is the process that determines which operations an authenticated user may perform on a specified resource within the web application.

I think you are now clear about the authentication and authorization concepts in SharePoint.

The following are the recommended methods of authentication in SharePoint 2013:

  1. Windows claims
  2. Security Assertion Markup Language (SAML)-based claims
  3. Forms-based authentication
  4. Classic mode authentication – this type is still available but is not recommended; almost all the new features, such as apps and server-to-server authentication, require claims-based authentication. Classic mode can be configured using Windows PowerShell cmdlets.

Note: The classic mode authentication is deprecated in SharePoint 2013.
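As an added example (not code from the original post or from MSDN), the following SharePoint 2013 Management Shell script creates one web application for each of the modes listed above, so the difference between a claims provider and a classic-mode application is visible in the cmdlet calls. All names, URLs, ports, the managed account, the SQL server and the forms membership/role provider names are assumed placeholders, and the SAML step assumes a trusted identity token issuer named "ADFS" already exists in the farm.

```powershell
# Added example: creating web applications for each SharePoint 2013 authentication mode.
# Every name, URL, port and account below is a placeholder; adjust for your farm.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$poolAccount = Get-SPManagedAccount "CONTOSO\spapppool"   # assumed managed account
$dbServer    = "SQL01"                                    # assumed SQL Server instance

# Small helper (assumed, not a SharePoint cmdlet) so each call below stays readable.
function New-ContosoWebApp {
    param([string]$Name, [string]$Url, [int]$Port, [string]$DbName, $Provider, [switch]$Ssl)
    $hostHeader = ([System.Uri]$Url).Host
    $common = @{
        Name = $Name; Url = $Url; Port = $Port; HostHeader = $hostHeader
        ApplicationPool = "SharePoint - $Port"; ApplicationPoolAccount = $poolAccount
        DatabaseServer = $dbServer; DatabaseName = $DbName
    }
    if ($Ssl) { $common.SecureSocketsLayer = $true }
    if ($Provider) {
        # Claims mode: any -AuthenticationProvider makes the web application claims-based.
        New-SPWebApplication @common -AuthenticationProvider $Provider
    } else {
        # Classic mode (deprecated): created only when -AuthenticationProvider is omitted.
        # Central Administration no longer offers this option; PowerShell is the only route.
        New-SPWebApplication @common -AuthenticationMethod "NTLM"
    }
}

# 1. Windows claims (NTLM; drop -DisableKerberos to negotiate Kerberos instead)
$winClaims = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication -DisableKerberos
New-ContosoWebApp -Name "Intranet (Windows claims)" -Url "http://intranet.contoso.local" `
    -Port 80 -DbName "WSS_Content_Intranet" -Provider $winClaims

# 2. SAML claims: assumes a trusted identity token issuer named "ADFS" exists already
$saml = New-SPAuthenticationProvider -TrustedIdentityTokenIssuer (Get-SPTrustedIdentityTokenIssuer "ADFS")
New-ContosoWebApp -Name "Partners (SAML claims)" -Url "https://partners.contoso.local" `
    -Port 443 -DbName "WSS_Content_Partners" -Provider $saml -Ssl

# 3. Forms-based authentication: provider names must match those registered in web.config
$fba = New-SPAuthenticationProvider -ASPNETMembershipProvider "FBAMembership" -ASPNETRoleProviderName "FBARoles"
New-ContosoWebApp -Name "Extranet (FBA)" -Url "https://extranet.contoso.local" `
    -Port 8443 -DbName "WSS_Content_Extranet" -Provider $fba -Ssl

# 4. Classic mode, kept only for a legacy application that cannot yet use claims
New-ContosoWebApp -Name "Legacy (classic)" -Url "http://legacy.contoso.local" `
    -Port 8080 -DbName "WSS_Content_Legacy"

# Verify: UseClaimsAuthentication is $false only for the classic-mode web application.
Get-SPWebApplication | Select-Object DisplayName, Url, UseClaimsAuthentication
```

The final `Get-SPWebApplication` line is the quick check worth running on any existing farm: every application showing `UseClaimsAuthentication = False` is a classic-mode application that the app model and server-to-server authentication cannot use.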

A new authorization protocol, OAuth, is introduced in SharePoint 2013. It is an open protocol that provides temporary, redirection-based authorization. It enables users to approve an application to act on their behalf without sharing their credentials (user name and password). In SharePoint 2013 this authorization feature is used to allow users to grant apps from both the SharePoint Store and the App Catalog access to specified, protected user resources and data.
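As an added example (not from the original post), this script shows the administrative side of the OAuth model described above: an app is registered as its own principal in the farm and granted a scoped permission, so it acts with its own identity and never needs a user's password. The site URL, client ID and display name are assumed placeholders; in a real farm the client ID would come from the app's registration.

```powershell
# Added example: registering an app principal and granting it a scoped permission.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl  = "http://intranet.contoso.local/sites/team"   # assumed site
$clientId = "00000000-0000-0000-0000-000000000000"        # placeholder client ID

# An app principal's name identifier is "<client id>@<authentication realm of the farm>".
$realm = Get-SPAuthenticationRealm -ServiceContext $siteUrl
$appPrincipal = Register-SPAppPrincipal -NameIdentifier "$clientId@$realm" `
    -Site $siteUrl -DisplayName "Expense Report App"

# Least privilege: Read at the Site scope, not FullControl at the SiteCollection scope.
Set-SPAppPrincipalPermission -AppPrincipal $appPrincipal -Site $siteUrl -Scope Site -Right Read

# Review what the principal was actually granted before handing the client ID to developers.
Get-SPAppPrincipalPermission -AppPrincipal $appPrincipal -Site $siteUrl -Scope Site

# Periodic review: list every app principal the site knows about.
Get-SPAppPrincipal -Site $siteUrl | Select-Object DisplayName, NameIdentifier
```

The permission scope and right are the two values to keep tight: an app that only reads a list needs neither `Write` nor a `SiteCollection` scope, and the `Get-SPAppPrincipalPermission` output is the place to confirm that.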

The above are the general definitions and descriptions of authentication and authorization in SharePoint 2013. Now let us see all the improvements that have been made to claims-based authentication.

Improvements:

  • Easier migration from classic mode to Windows-based claims mode with the new Convert-SPWebApplication Windows PowerShell cmdlet
  • Login tokens are now cached in the new Distributed Cache Service – SharePoint 2013 uses the Distributed Cache service to cache login tokens. In SharePoint 2010 the login tokens were stored in the memory of each front-end server, which sometimes caused multiple re-authentications when load balancers were used. Since SharePoint 2013 uses a dedicated service for caching, there are scale-out benefits and lower memory utilization on the front-end servers.
  • Apart from the existing logging features, the following enhanced logging support is provided in SharePoint 2013:
    • Separate, categorized claims-related logs for each authentication mode
    • Information about adding and removing FedAuth cookies from the Distributed Cache Service
    • Information about the reason why a FedAuth cookie could not be used, such as a cookie expiration or a failure to decrypt
    • Information about where authentication requests are redirected
    • Information about the failures of user migration in a specific site collection
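The script below is an added example (not from the original post) that ties the three improvements above together: it raises the claims-authentication trace level so the new categorized logs capture the migration, converts any remaining classic-mode web applications with Convert-SPWebApplication, and then checks the Distributed Cache logon token container and cache hosts that the converted applications now depend on. The helper function name is assumed, and the trace category name is the one I expect Get-SPLogLevel to list; confirm it on your farm.

```powershell
# Added example: classic-to-claims migration with logging and Distributed Cache checks.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Capture the claims-related trace category at Verbose while the migration runs.
# (Category name assumed; list available ones with Get-SPLogLevel.)
Set-SPLogLevel -Identity "SharePoint Foundation:Claims Authentication" -TraceSeverity Verbose

function Convert-ClassicWebApps {
    param([switch]$WhatIf)   # assumed helper; -WhatIf gives a dry run
    $classic = Get-SPWebApplication | Where-Object { -not $_.UseClaimsAuthentication }
    foreach ($webApp in $classic) {
        Write-Host "Converting $($webApp.Url) from classic mode to Windows claims"
        if (-not $WhatIf) {
            # -RetainPermissions rewrites existing ACLs to the new claims identities.
            # Builds with later updates also accept -From Legacy before -To Claims.
            Convert-SPWebApplication -Identity $webApp -To Claims -RetainPermissions
        }
    }
    # Return the resulting state so the caller can inspect or log it.
    Get-SPWebApplication | Select-Object DisplayName, Url, UseClaimsAuthentication
}

Convert-ClassicWebApps -WhatIf   # dry run: only lists what would be converted
Convert-ClassicWebApps

# Logon tokens now live in the Distributed Cache: check the container settings
# and that at least one cache host is online, or users will be re-prompted.
Get-SPDistributedCacheClientSetting -ContainerType DistributedLogonTokenCache
Get-SPServiceInstance | Where-Object { $_.TypeName -eq "Distributed Cache" } |
    Select-Object Server, Status

# Return trace levels to their defaults once the migration log has been reviewed.
Clear-SPLogLevel
```

Run the dry run first and read the ULS output for the claims category before the real conversion; the user-migration failure messages listed above are exactly what that log will show if a permission could not be mapped.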

For more information about authentication and authorization in SharePoint 2013, please refer to the following links.

Cheers…

4 thoughts on “Authentication and Authorization in SharePoint 2013”

  1. Nice post. Here are the posts explaining SharePoint 2013 security model and app security model: http://sureshpydi.blogspot.in/2013/03/sharepoint-2013-security-model.html and http://sureshpydi.blogspot.in/2013/03/share-point-2013-app-permissions.html

