Security changes in SharePoint 2013

In this post, we will discuss some of the security changes in SharePoint 2013 compared to SharePoint 2010.

SharePoint 2013 makes several changes to the authentication model. Claims-based authentication is now the default for all SharePoint 2013 web applications. Claims-based authentication uses tokens to identify users; each token carries claims, which are simply attributes such as username or email.

In SharePoint 2013, claims let you allow multiple authentication types on a single web application. If you want to use classic authentication, you can use PowerShell to change the default from claims-based to classic mode.

Another change in SharePoint 2013 is the introduction of OAuth. OAuth is used to authenticate and authorize apps and services without the user having to provide credentials to the app. It does this by establishing a trust between the app server and SharePoint, so the app can access the resources it requests. A user signs in to SharePoint 2013 and is authenticated through claims. They then use an app from the Office Store or an app catalog; the user grants the app permission to access SharePoint resources on the user's behalf. When a user launches an app, SharePoint 2013 posts a context token to the app. The app then calls back to SharePoint 2013 with an access token to access the SharePoint resources on behalf of the user.
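The app should check the context token before acting on it. The sketch below is an added example, not code from the original post or from Microsoft: it assumes the low-trust app model, where the context token is a JWT signed with HMAC-SHA256 using the app's client secret, and it verifies signature, validity window and audience. The client ID, host name, secret and claim values are constructed sample data.

```python
import base64, hashlib, hmac, json, time

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(claims, secret):
    """Constructed stand-in for the context token SharePoint posts to the app."""
    signed = _b64e(b'{"typ":"JWT","alg":"HS256"}') + "." + _b64e(json.dumps(claims).encode())
    return signed + "." + _b64e(hmac.new(secret, signed.encode(), hashlib.sha256).digest())

def validate_context_token(token, secret, client_id, app_host, now=None):
    """Return the claims only if the token is authentic, current and addressed to this app."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims, given = json.loads(_b64d(head)), json.loads(_b64d(body)), _b64d(sig)
        alg, audience = header["alg"], str(claims["aud"])
        nbf, exp = int(claims["nbf"]), int(claims["exp"])
    except (ValueError, TypeError, KeyError, AttributeError):
        raise ValueError("malformed token") from None
    if alg != "HS256":  # refuse "none" or any other algorithm swap
        raise ValueError("unexpected algorithm")
    expected = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):  # constant-time comparison
        raise ValueError("bad signature")
    if not nbf <= now < exp:
        raise ValueError("token expired or not yet valid")
    principal, _, realm = audience.partition("@")
    if not realm or principal.lower() != f"{client_id}/{app_host}".lower():
        raise ValueError("token was issued for a different app")
    return claims

# Constructed sample values; none of them come from the original post.
SECRET = b"constructed-client-secret"
CLIENT_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_CLAIMS = {
    "aud": CLIENT_ID + "/app.example.test@99999999-0000-0000-0000-000000000000",
    "nbf": "1700000000", "exp": "1700043200",
    "refreshtoken": "constructed-refresh-token",
}

if __name__ == "__main__":
    token = make_sample_token(SAMPLE_CLAIMS, SECRET)
    claims = validate_context_token(token, SECRET, CLIENT_ID, "app.example.test", now=1700000100)
    print("accepted; refresh token present:", "refreshtoken" in claims)
```

Only after these checks pass should the app use the token's contents to request the access token it calls back to SharePoint with.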

If you want to use Active Directory Federation Services (ADFS), you can set up multiple applications and systems that trust the authentication cookies you enable, so the user signs in to ADFS once and has access to all these systems without having to sign in again.



Hope this will be helpful.

