SlideShare a Scribd company logo

Authentication, Authorization, and Identity – More than meets the eye…

Scott Hoag, profile picture
Scott Hoag

The document outlines a presentation on authentication, authorization, and identity topics within SharePoint, conducted by Scott Hoag and Dan Usher for the Princeton SharePoint User Group. The session includes discussions on security concerns, different authentication methods, claims-based authentication, and best practices for limiting access control. Additionally, there are event details, sponsor mentions, and an encouragement for participants to interact and engage with the content and sponsors.

Technology
1 of 57
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
AUTHENTICATION, AUTHORIZ ATION AND IDENTITY… IT’S MORE THAN MEETS THE EYE Scott Hoag and Dan Usher
PRINCETON SHAREPOINT USER GROUP • Different SharePoint discussions each month on various topics. Announced on meetup.com • Meets 4th Wednesday of every month • 6pm – 8pm • Infragistics Office • 2 Commerce Drive, Cranbury, NJ • http://www.meetup.com/princetonSUG • http://www.princetonsug.com
THANK YOU EVENT SPONSORS • Platinum & Gold sponsors have tables here in the Fireside Lounge • Please visit them and inquire about their products & services • To be eligible for prizes make sure your bingo card is signed by all Platinum/Gold
WHO ARE WE? Scott Hoag @ciphertxt Applied Information Sciences Infrastructure Consultant scott.hoag@appliedis.com • Dan Usher • @binarybrewery • Booz Allen Hamilton Incorporated • Lead Associate • usher_daniel@bah.com
Authentication, Authorization, and Identity – More than meets the eye…
Authentication, Authorization, and Identity – More than meets the eye…
HOUSEKEEPING • Phones silenced, phasers set to stun • Ask questions • Please remember to turn in your filled out bingo cards and event evaluations for prizes. • Follow SharePoint Saturday New Jersey on Twitter @spsnj and hashtag #spsnj • Do not feed Scott donuts…
THINGS TO COVER
THINGS WE WON’T BE COVERING http://go.spdan.com/kerberos2010 http://go.spdan.com/kerberos2013 http://go.spdan.com/multihopwinrm
SECURITY
SPOILER ALERT!!! http://xkcd.com/1240/
SECURITY IN GENERAL
SECURITY IN GENERAL
SECURITY CONCERNS IN TODAY’S WORLD
IDENTIFICATION – WHAT IS?
IDENTIFICATION – TYPES OF…
HOW DO WE PROTECT IDENTITY?
AUTHENTICATION – WHAT IS?
AUTHORIZATION – WHAT IS? • The act of authorizing. • Permission or power granted by an authority; sanction. • To give authority or official power to. • To give authority for; formally sanction (an act or proceeding). • To establish by authority or usage. • Sometimes we call it AuthZ.
SECURITY WITH SHAREPOINT
SECURITY WITH SHAREPOINT
AUTHN – TYPES OF… • Windows • NTLM/Kerberos • Basic • Anonymous • Digest • Client Certificate • Forms-based Authentication • Lightweight Directory Access Protocol (LDAP) • Microsoft SQL Server • ASP.NET Membership and Role Providers
AUTHN – STILL MORE TYPES OF… • SAML Token-based Authentication • Active Directory Federated Services • 3rd Party Identity Provider • Lightweight Directory Access Protocol (LDAP)
AUTHENTICATION VS. AUTHORIZATION
AUTHN VS. AUTHZ (CONTINUED)
AUTHENTICATION – CLAIM TERMINOLOGY • Identity • Info about a Person or Object (AD, Google, Windows Live, Facebook etc.) • Claim • Attributes of the Identity (User ID, Email, Age etc.) • Token • Binary Representation of Identity • Set of Claims and the Signature • Relying Party (aka RP) • Users Token • Secure Token Service (STS) • Issuer of Tokens for Users • SharePoint 2010 Introduced Claims Authentication • What is this? http://go.spdan.com/cba
AUTHENTICATION - CLAIMS
AUTHENTICATION - CLAIMS
WHAT ABOUT CLAIMS IN WINDOWS?
WHAT DOES CLAIMS ENCODING LOOK LIKE? http://go.spdan.com/claimsencoding
WHAT DOES CLAIMS ENCODING LOOK LIKE? http://go.spdan.com/claimsencoding
BASICS OF SHAREPOINT CLASSIC AUTHN Source:http://go.spdan.com/iisauth ASP.NETAuthentication
BASICS OF SHAREPOINT CLAIMS AUTHN 1. Resource Requested 2. AuthN Request / Redirect 3. AuthN Request 4. Security Token 5. Security Token Request 6. Service Token 7. Resource Request w/Service Token 8. Resource Sent Identity Provider Security Token Service aka IP-STS SharePoint 2010 aka RP
SIDE STORY
A SHAREPOINT CONSULTANTS ENTER A BAR…
Authentication, Authorization, and Identity – More than meets the eye…
AUTHN - MEMBERSHIP & ROLE PROVIDERS
AUTHN - MEMBERSHIP & ROLE PROVIDERS
AUTHN – CUSTOM IDENTITY PROVIDER
AUTHN – CUSTOM IDENTITY PROVIDER
AUTHN - PROXY SERVER
AUTHN - DIRECT ACCESS
WINDOWS AZURE ACTIVE DIRECTORY
WINDOWS AZURE ACTIVE DIRECTORY
IDENTITY PROVIDERS https://sts.domain.com
AUTHZ
SHAREPOINT AUTHZ Anonymous Authentication Is In Site Group? Does user have claim attribute? Web Application / Site Collection Secured Site / Site Collection / Content Content Repository Content
AUTHZ - LIMITING ACCESS CONTROL
AUTHZ - OFFICE 365 AND EXTERNAL USERS
AUTHZ - OFFICE 365 AND EXTERNAL USERS
EXPECT THE UNEXPECTED
REAL WORLD
WHAT DO I DO WHERE?
SECURITY IN THE REAL WORLD • Expect the unexpected • People will find a way to circumvent your security • Give users minimal permission • Starting with Less is good • Add functionality through permission as needed • Be prepared to secure at all levels • Web Application • Site Collection • Site • List or Library • Item • Use roles from Provider • Active Directory Groups • Membership and Role Provider Roles • Claims
QUESTIONS
CATCH UP WITH US… Usher_Daniel@bah.com @binarybrewery www.sharepointdan.com Scott.hoag@appliedis.com @ciphertxt http://psconfig.com
THANK YOU EVENT SPONSORS • Platinum & Gold sponsors have tables here in the Fireside Lounge • Please visit them and inquire about their products & services • To be eligible for prizes make sure your bingo card is signed by all Platinum/Gold

More Related Content

PPTX
Performance in .net best practices
Codecamp Romania
 
PPTX
Scalable Resilient Web Services In .Net
Bala Subra
 
PPTX
Web API authentication and authorization
Chalermpon Areepong
 
PPTX
ZZ BC#8 Hello ASP.NET MVC 4 (dks)
Chalermpon Areepong
 
PPTX
Iasi code camp 12 october 2013 corneliu rimboiu - bridging java and .net
Codecamp Romania
 
PPTX
Asp.net mvc security
LearningTech
 
PPTX
DDD Melbourne 2014 security in ASP.Net Web API 2
Pratik Khasnabis
 
PPT
Smooth Sort
habib_786
 
Performance in .net best practices
Codecamp Romania
 
Scalable Resilient Web Services In .Net
Bala Subra
 
Web API authentication and authorization
Chalermpon Areepong
 
ZZ BC#8 Hello ASP.NET MVC 4 (dks)
Chalermpon Areepong
 
Iasi code camp 12 october 2013 corneliu rimboiu - bridging java and .net
Codecamp Romania
 
Asp.net mvc security
LearningTech
 
DDD Melbourne 2014 security in ASP.Net Web API 2
Pratik Khasnabis
 
Smooth Sort
habib_786
 

Viewers also liked (17)

PDF
Secure RESTful Web Services for ASP.NET Web API
Rob Daigneau
 
PDF
Design & Deploy a data-driven Web API in 2 hours
Restlet
 
PPTX
End to End Security with MVC and Web API
Michele Leroux Bustamante
 
PPTX
Building Scalable .NET Web Applications
Buu Nguyen
 
PDF
Tips and Tricks For Faster Asp.NET and MVC Applications
Sarvesh Kushwaha
 
PPTX
ASP.NET Core 1.0 Overview: Post-RC2
Shahed Chowdhuri
 
PPTX
Overview of the .Net Collection Framework and Immutable Collections
Yoshifumi Kawai
 
PDF
5. web api 2 aspdotnet-mvc5-slides
MasterCode.vn
 
PPTX
ASP.NET Core MVC + Web API with Overview (Post RC2)
Shahed Chowdhuri
 
PPTX
Scaling asp.net websites to millions of users
oazabir
 
PPTX
10 performance and scalability secrets of ASP.NET websites
oazabir
 
PPTX
ASP.NET Mvc 4 web api
Tiago Knoch
 
PPTX
Learning ASP.NET 5 and MVC 6
Ido Flatow
 
PPTX
ASP.NET MVC Performance
rudib
 
PPTX
Web API or WCF - An Architectural Comparison
Adnan Masood
 
PPTX
Rest API Security
Stormpath
 
PPTX
Securing RESTful APIs using OAuth 2 and OpenID Connect
Jonathan LeBlanc
 
Secure RESTful Web Services for ASP.NET Web API
Rob Daigneau
 
Design & Deploy a data-driven Web API in 2 hours
Restlet
 
End to End Security with MVC and Web API
Michele Leroux Bustamante
 
Building Scalable .NET Web Applications
Buu Nguyen
 
Tips and Tricks For Faster Asp.NET and MVC Applications
Sarvesh Kushwaha
 
ASP.NET Core 1.0 Overview: Post-RC2
Shahed Chowdhuri
 
Overview of the .Net Collection Framework and Immutable Collections
Yoshifumi Kawai
 
5. web api 2 aspdotnet-mvc5-slides
MasterCode.vn
 
ASP.NET Core MVC + Web API with Overview (Post RC2)
Shahed Chowdhuri
 
Scaling asp.net websites to millions of users
oazabir
 
10 performance and scalability secrets of ASP.NET websites
oazabir
 
ASP.NET Mvc 4 web api
Tiago Knoch
 
Learning ASP.NET 5 and MVC 6
Ido Flatow
 
ASP.NET MVC Performance
rudib
 
Web API or WCF - An Architectural Comparison
Adnan Masood
 
Rest API Security
Stormpath
 
Securing RESTful APIs using OAuth 2 and OpenID Connect
Jonathan LeBlanc
 
Ad

Similar to Authentication, Authorization, and Identity – More than meets the eye… (20)

PPTX
SharePoint Authentication And Authorization SPTechCon San Francisco
Liam Cleary [MVP]
 
PDF
SharePoint Saturday The Conference DC - Are you who you say you are share poi...
Liam Cleary [MVP]
 
PPTX
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
Liam Cleary [MVP]
 
PPTX
SharePoint Saturday Austin - Share point authentication and authorization
Liam Cleary [MVP]
 
PPTX
SPSBE 2013 Claims for devs
Steven Van de Craen
 
PPTX
SharePoint Authentication and Authorization
Scott Hoag
 
PPTX
SharePoint Authentication and Authorization
Dan Usher
 
PDF
Introduction to claims based authentication in share point 2010
Officience
 
PDF
Claims based authentication in SharePoint 2010 - SharePoint Saturday Vietnam
Officience
 
PPTX
NIC 2014 Modern Authentication for the Cloud Era
Morgan Simonsen
 
PDF
Understanding Claim based Authentication
Mohammad Yousri
 
PDF
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
NCCOMMS
 
PPTX
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
Brian Culver
 
PPTX
DD109 Claims Based AuthN in SharePoint 2010
Spencer Harbar
 
PPTX
How to deploy SharePoint 2010 to external users?
rlsoft
 
PPTX
SPSNYC - Authentication, Authorization, and Identity – More than meets the eye…
Scott Hoag
 
PPTX
T28 implementing adfs and hybrid share point
Thorbjørn Værp
 
PPTX
Claim Based Authentication in SharePoint 2010 for Community Day 2011
Joris Poelmans
 
PPTX
SharePoint Access Control and Claims Based Authentication
Jonathan Schultz
 
PPTX
SharePoint, ADFS and Claims Auth
Kashif Imran
 
SharePoint Authentication And Authorization SPTechCon San Francisco
Liam Cleary [MVP]
 
SharePoint Saturday The Conference DC - Are you who you say you are share poi...
Liam Cleary [MVP]
 
SharePoint Saturday Utah - Do you claim to be from the Azure Sky?
Liam Cleary [MVP]
 
SharePoint Saturday Austin - Share point authentication and authorization
Liam Cleary [MVP]
 
SPSBE 2013 Claims for devs
Steven Van de Craen
 
SharePoint Authentication and Authorization
Scott Hoag
 
SharePoint Authentication and Authorization
Dan Usher
 
Introduction to claims based authentication in share point 2010
Officience
 
Claims based authentication in SharePoint 2010 - SharePoint Saturday Vietnam
Officience
 
NIC 2014 Modern Authentication for the Cloud Era
Morgan Simonsen
 
Understanding Claim based Authentication
Mohammad Yousri
 
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
NCCOMMS
 
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
Brian Culver
 
DD109 Claims Based AuthN in SharePoint 2010
Spencer Harbar
 
How to deploy SharePoint 2010 to external users?
rlsoft
 
SPSNYC - Authentication, Authorization, and Identity – More than meets the eye…
Scott Hoag
 
T28 implementing adfs and hybrid share point
Thorbjørn Værp
 
Claim Based Authentication in SharePoint 2010 for Community Day 2011
Joris Poelmans
 
SharePoint Access Control and Claims Based Authentication
Jonathan Schultz
 
SharePoint, ADFS and Claims Auth
Kashif Imran
 
Ad

More from Scott Hoag (20)

PPTX
SharePoint Conference 2018 - Understanding Office 365 Usage Reporting
Scott Hoag
 
PPTX
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...
Scott Hoag
 
PDF
Global Azure Bootcamp 2018 - Azure Security Center
Scott Hoag
 
PDF
Global Azure Bootcamp 2018 - Azure Network Security
Scott Hoag
 
PPTX
SPIntersection 2016 - TO THE CLOUD! USING IAAS AS A HOSTING PROVIDER FOR SHAR...
Scott Hoag
 
PPTX
SPIntersection 2016 - MICROSOFT CLOUD IDENTITIES IN AZURE AND OFFICE 365
Scott Hoag
 
PPTX
JAXSPUG April 2016 - Staying in the Know with Office 365
Scott Hoag
 
PDF
JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365
Scott Hoag
 
PPTX
SPSDC - To the Cloud! Using IaaS as a Hosting Provider for SharePoint
Scott Hoag
 
PPTX
SPSNYC SharePoint Worst Practices
Scott Hoag
 
PPTX
March Sydney Office 365 Meetup - Office 365 and Hybrid Solutions... what work...
Scott Hoag
 
PPTX
SYDSP - Office 365 and Cloud Identity - What does it mean for me?
Scott Hoag
 
PPTX
SPSVB - Office 365 and Hybrid Solutions... what works for my organization?
Scott Hoag
 
PPTX
SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?
Scott Hoag
 
PPTX
SPSVB - To the Cloud! Using IaaS as a Hosting Provider for SharePoint
Scott Hoag
 
PPTX
SPS Sydney - To the Cloud! Utilising Azure as a Cloud Hosting Provider for Sh...
Scott Hoag
 
PPTX
SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?
Scott Hoag
 
PPTX
SPSCBR - Pitfalls of Migrating to SharePoint 2013
Scott Hoag
 
PDF
Office 365 and Cloud Identity – What Does It Mean For Me?
Scott Hoag
 
PPTX
Canberra SPUG - February 2014 - Pitfalls of Migrating to SharePoint 2013
Scott Hoag
 
SharePoint Conference 2018 - Understanding Office 365 Usage Reporting
Scott Hoag
 
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...
Scott Hoag
 
Global Azure Bootcamp 2018 - Azure Security Center
Scott Hoag
 
Global Azure Bootcamp 2018 - Azure Network Security
Scott Hoag
 
SPIntersection 2016 - TO THE CLOUD! USING IAAS AS A HOSTING PROVIDER FOR SHAR...
Scott Hoag
 
SPIntersection 2016 - MICROSOFT CLOUD IDENTITIES IN AZURE AND OFFICE 365
Scott Hoag
 
JAXSPUG April 2016 - Staying in the Know with Office 365
Scott Hoag
 
JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365
Scott Hoag
 
SPSDC - To the Cloud! Using IaaS as a Hosting Provider for SharePoint
Scott Hoag
 
SPSNYC SharePoint Worst Practices
Scott Hoag
 
March Sydney Office 365 Meetup - Office 365 and Hybrid Solutions... what work...
Scott Hoag
 
SYDSP - Office 365 and Cloud Identity - What does it mean for me?
Scott Hoag
 
SPSVB - Office 365 and Hybrid Solutions... what works for my organization?
Scott Hoag
 
SPSVB - Office 365 and Cloud Identity - What Does It Mean for Me?
Scott Hoag
 
SPSVB - To the Cloud! Using IaaS as a Hosting Provider for SharePoint
Scott Hoag
 
SPS Sydney - To the Cloud! Utilising Azure as a Cloud Hosting Provider for Sh...
Scott Hoag
 
SPS Sydney - Office 365 and Cloud Identity – What does it mean for me?
Scott Hoag
 
SPSCBR - Pitfalls of Migrating to SharePoint 2013
Scott Hoag
 
Office 365 and Cloud Identity – What Does It Mean For Me?
Scott Hoag
 
Canberra SPUG - February 2014 - Pitfalls of Migrating to SharePoint 2013
Scott Hoag
 

Recently uploaded (20)

PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Teaching material agriculture food technology
LiaRayya
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Encapsulation theory and applications.pdf
gurumoop
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 

Authentication, Authorization, and Identity – More than meets the eye…

Editor's Notes

  • #8: Dan
  • #9: Dan
  • #10: Dan/Scott
  • #12: Scott
  • #13: Scott
  • #14: Scott
  • #15: Dan
  • #16: Scott
  • #17: Dan
  • #18: Dan
  • #19: Scott
  • #20: Scott
  • #21: Danger Waterfall ahead
  • #22: Scott----- Meeting Notes (7/23/12 23:35) -----Thinking about administrators for SharePoint - what access do they have?
  • #23: Dan
  • #24: Dan
  • #25: Dan
  • #26: Dan
  • #27: Dan/Scott
  • #28: ScottStandards based: Wide SupportEasy to configure? Multiple Web Config changes, Web Application Changes and then of course the actual configuration of your identity provider
  • #29: Scott
  • #30: Dan
  • #31: Scott
  • #32: Scott
  • #33: Dan
  • #34: Dan
  • #35: Dan/Scott
  • #36: Dan
  • #38: Scott
  • #39: Scott
  • #40: Scott
  • #41: Scott
  • #42: Dan
  • #43: Dan
  • #44: DanCurious how to manage Windows Azure Active Directory through PowerShell? http://technet.microsoft.com/en-us/library/jj151815.aspx
  • #45: DanCurious how to manage Windows Azure Active Directory through PowerShell? http://technet.microsoft.com/en-us/library/jj151815.aspx
  • #46: Scott
  • #47: Scott
  • #48: ScottDifferent security boundaries and the permissions that can be applied to them.
  • #49: Dan
  • #50: Dan
  • #51: Dan
  • #52: Scott
  • #54: Dan
  • #55: Scott