In this post, we will discuss the different authentication mechanisms in SharePoint 2010. A user's identity must be validated before the user can use a SharePoint application.
Authentication methods determine which type of identity directory is used and how users are authenticated by IIS. SharePoint supports the following types of authentication:
– Windows Authentication
– Forms Authentication
– Claims-based Authentication
– Web Single Sign-On Authentication
Windows Authentication uses Active Directory to validate users. When Windows Authentication is selected, IIS uses the Windows Authentication protocol that is configured in IIS.
Security policies such as account expiration, password complexity, and password history that apply to the user accounts are configured within Active Directory, not in SharePoint.
When a user attempts to authenticate to a SharePoint web using Windows Authentication, IIS validates the user against NTFS and Active Directory; once the validation occurs, the user is authenticated and the access levels of that user are applied by SharePoint.
Anonymous access associates unknown users with an anonymous user account (IUSR_machinename). It is commonly used on Internet sites. However, this configuration is disabled by default.
In order to configure anonymous access to a SharePoint application, anonymous access must be enabled in IIS and the SharePoint application, and the anonymous user account must be provisioned.
Anonymous users are only allowed to read, and they are unable to edit, update, or delete content.
The forms-based authentication method is used with a custom authentication provider, such as a custom LDAP directory or SQL Server.
Claims-based identity is a security model for authentication and authorization based on the Windows Identity Foundation.
For details, see the article Configure Claim Based Authentication in SharePoint 2010.
Web Single Sign-On:
The Web Single Sign-On authentication method is used in environments configured for federated identity systems. An independent identity management system integrates user identities across heterogeneous directories and provides the user validation for IIS. This includes Microsoft Identity Information Server with Active Directory Federation Services, Oracle Identity Management with Single Sign-On and Web Access Control, and Sun Microsystems Java System Identity Manager.
In SharePoint, it is possible to configure a combination of authentication methods. For instance, employees and external partners can use different methods, such as Active Directory for internal people and a SharePoint list via Forms Authentication for others. This is achieved by defining two zones and associating authentication methods with the zones. The intranet zone would be configured with Windows Authentication and an extranet zone would be configured with ASP.NET Forms authentication.
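The two-zone setup described above, written for the SharePoint 2010 Management Shell. This is an added example, not code from the original post: it assumes a claims-based web application whose membership and role providers are already registered in the web.config files, and the URLs, extension name and provider names are hypothetical placeholders.

```powershell
# Added example. Run in the SharePoint 2010 Management Shell on a farm server.
# All URLs and provider names below are hypothetical placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$intranetUrl = "http://intranet.contoso.local"   # existing web app, Default zone
$extranetUrl = "https://partners.contoso.com"    # public URL for the Extranet zone

# Default zone keeps Windows Authentication, validated against Active Directory.
$wa = Get-SPWebApplication -Identity $intranetUrl

# Extranet zone: forms-based authentication through ASP.NET providers.
# "FBAMembership" and "FBARoles" must match the names used in web.config.
$fba = New-SPAuthenticationProvider `
    -ASPNETMembershipProvider "FBAMembership" `
    -ASPNETRoleProviderName "FBARoles"

# Extend the web application into the Extranet zone over SSL.
# -AllowAnonymousAccess is deliberately omitted, so anonymous access stays off.
New-SPWebApplicationExtension -Identity $wa `
    -Name "SharePoint - Extranet" `
    -Zone Extranet `
    -URL $extranetUrl `
    -Port 443 `
    -SecureSocketsLayer `
    -AuthenticationProvider $fba

# Audit: list what each zone accepts, so that an unintended anonymous or
# extra provider on the externally reachable zone is visible.
$wa = Get-SPWebApplication -Identity $intranetUrl   # reload after the change
foreach ($zone in $wa.IisSettings.Keys) {
    $providers = Get-SPAuthenticationProvider -WebApplication $wa -Zone $zone
    New-Object PSObject -Property @{
        Zone           = $zone
        AllowAnonymous = $wa.IisSettings[$zone].AllowAnonymous
        Providers      = ($providers | ForEach-Object { $_.DisplayName }) -join ", "
    }
}
```

The audit loop at the end is worth re-running after any change to a zone, since each zone carries its own authentication settings and the extranet zone is the one exposed to external users.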