Hi SharePoint friends,
Today I am going to give you a short and sweet overview of authentication and authorization in SharePoint 2013 and the improvements made in SharePoint 2013. The contents of this post are taken from various sites and MSDN.
What is authentication in SharePoint?
It is a provider that validates the identity of a user who requests access to the web application. Once the user is validated, it issues the authenticated user a security token that encapsulates a set of claims-based assertions about the user, and that token is used to verify the set of permissions assigned to the user.
What is authorization in SharePoint?
It is the process that determines which operations an authenticated user is allowed to perform on a specified resource within the web application.
I think you are very clear about the authentication and authorization concept in SharePoint.
The following are the recommended methods of authentication in SharePoint 2013:
- Security Assertion Markup Language (SAML)-based claims
- Classic mode authentication: this type is still available, but it is not recommended, and almost all of the new features, such as apps and server-to-server authentication, require claims-based authentication. Classic mode can only be configured using PowerShell commands.
Note: Classic mode authentication is deprecated in SharePoint 2013.
A new authorization protocol named OAuth is introduced in SharePoint 2013. It is an open protocol that provides temporary, redirection-based authorization. It enables users to approve an application to act on their behalf without sharing their credentials (username and password). In SharePoint 2013 this authorization feature is used to allow users to grant apps from both the SharePoint Store and the App Catalog access to specified, protected user resources and data.
The above are the general definitions and descriptions of authentication and authorization in SharePoint 2013. Now let us see all the improvements that have been made to claims-based authentication:
- Easier migration from classic mode to Windows-based claims mode with the new Convert-SPWebApplication Windows PowerShell cmdlet.
- Login tokens are now cached in the new Distributed Cache Service. SharePoint 2013 uses the Distributed Cache service to cache login tokens. In SharePoint 2010 the login tokens were stored in the memory of each front-end server, which sometimes caused repeated re-authentication when load balancers were used. Since SharePoint 2013 uses a dedicated service for caching, there are scale-out benefits and less memory utilization on the front-end servers.
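The migration described above, as an added example that is not part of the original post: a farm administrator first inventories which web applications still run in classic mode, then converts one of them with Convert-SPWebApplication and verifies the result. The web application URL is a placeholder, and the script assumes the SharePoint 2013 Management Shell with farm administrator rights.

```powershell
# Added example (not from the original post). Assumes the SharePoint 2013
# Management Shell and farm administrator rights; the URL is a placeholder.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# 1. Inventory: UseClaimsAuthentication is $false for classic-mode web applications,
#    which is what you want to find before apps or server-to-server auth are rolled out.
Get-SPWebApplication |
    Select-Object DisplayName, Url, UseClaimsAuthentication |
    Format-Table -AutoSize

# 2. Convert one web application to Windows claims.
#    -RetainPermissions migrates existing user permissions onto their
#    claims identities (e.g. i:0#.w|DOMAIN\user) instead of dropping them.
$webAppUrl = "http://sharepoint.contoso.local"   # placeholder
$webApp = Get-SPWebApplication -Identity $webAppUrl

if ($webApp.UseClaimsAuthentication) {
    Write-Host "$webAppUrl already uses claims-based authentication; nothing to convert."
} else {
    Convert-SPWebApplication -Identity $webAppUrl -To Claims -RetainPermissions
}

# 3. Verify: the flag should now be $true and user logins should carry the claims prefix.
(Get-SPWebApplication -Identity $webAppUrl).UseClaimsAuthentication
Get-SPUser -Web $webAppUrl -Limit 5 | Select-Object UserLogin, DisplayName
```

Run step 2 against a test farm first, because the conversion cannot be reversed and any user whose permissions fail to migrate shows up in the user migration failure logs mentioned below.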
Apart from the existing logging features, SharePoint 2013 provides the following enhanced logging support:
- Separate, categorized claims-related logs for each authentication mode
- Information about adding and removing FedAuth cookies from the Distributed Cache Service
- Information about the reason why a FedAuth cookie could not be used, such as cookie expiration or a failure to decrypt it
- Information about where authentication requests are redirected
- Information about failures of user migration in a specific site collection
For more information about authentication and authorization in SharePoint 2013, please refer to the following links.