Kwizcom Forms

Different Authentication mechanism in SharePoint 2010

In this post, we will discuss different authentication mechanism in SharePoint 2010. A user’s identity must be validated before a user trying to use the SharePoint application.

Also, you can check out:

SharePoint deveopment training course

Authentication methods determine which type of identity directory is to be used and how users are authenticated by IIS. SharePoint supports below types of authentication:

– Windows Authentication
– Forms Authentication
– Claims-based Authentication
– Web Single Sign-On Authentication

Windows Authentication:

Windows Authentication uses Active Directory to validate users. When Windows Authentication is selected, IIS uses the Windows Authentication protocol that is configured in IIS.

The security policies like account expiration policies, password complexity policies, and password history policies etc that are applied to the user accounts are configured within Active Directory, not in SharePoint.

When a user attempts to authenticate to a SharePoint web using Windows Authentication, IIS validates the user against NTFS and Active Directory; once the validation occurs, the user is authenticated and the access levels of that user are applied by SharePoint.

Anonymous Access:

Anonymous access associates unknown users with an anonymous user account(IUSR_machinename). It is commonly used in Internet sites. However, this configuration is disabled by default.

In order to configure anonymous access to a SharePoint application, anonymous access must be enabled in IIS and the SharePoint application, and the anonymous user account must be provisioned.

Anonymous users are only allowed to read, and they are unable to edit, update, or delete content.

Forms-Based Authentication:

The forms-based Authentication method is used against custom authentication provider like custom LDAP directory, SQL Server etc.

Claims-Based Authentication:

Claims-based identity is a security model for authentication and authorization based on the Windows Identity Foundation.

You can check the good article on Configure Claim Based Authentication in SharePoint 2010.

Web Single Sign-On:

The Web Single Sign-On authentication method is used in environments configured for federated identity systems. An independent identity management system integrates user identities across heterogeneous directories and provides the user validation for IIS. This includes Microsoft Identity Information Server with Active Directory Federation Services, Oracle Identity Management with Single Sign-On and Web Access Control, and Sun Microsystems Java System Identity Manager.

Combined Access:

In SharePoint, it is possible to configure a combination of authentication methods. For instance,
employees and external partners can use different methods, such as Active Directory for internal people and a SharePoint list via Forms Authentication for others. This is achieved by defining two zones and associating authentication methods with the zones. The intranet zone would be configured with Windows Authentication and an extranet zone would be configured with ASP.NET Forms authentication.

Check out Best Alternative to InfoPath -> Try Now

free sharepoint training

SharePoint Online FREE Training

JOIN a FREE SharePoint Video Course (3 Part Video Series)


About Bijay Kumar

I am Bijay from Odisha, India. Currently working in my own venture TSInfo Technologies in Bangalore, India. I am Microsoft Office Servers and Services (SharePoint) MVP (5 times). I works in SharePoint 2016/2013/2010, SharePoint Online Office 365 etc. Check out My MVP Profile.. I also run popular SharePoint web site

View all posts by Bijay Kumar →