TechEd 2013: Authentication and Authorization Infrastructure in Microsoft SharePoint 2013

28 Jun
June 28, 2013

Session by Paolo Pialorsi (@PaoloPia)

image

In this session, you learn how authentication and authorization work in SharePoint 2013, either when handling direct users’ requests, or running requests for SharePoint apps. In particular, see how to federate with an external Identity Provider like Windows Azure ACS to authenticate users and then authorize them in SharePoint, leveraging claims.

There is one Level 400 session (highest) – guess what’s it about? Right, Authentication.

Here are my session notes.

Authentication

Classic Authentication is deprecated in SharePoint 2013. So its all about Claims now. The though thing is to map the incoming tokens from the authentication provider to the ones SharePoint use.

Identity Provider

Paolo showed an example how to utilize Facebook to log into SharePoint via Azure ACS. As said, he had to map the incoming claims token to SharePoint properties – trust the certificate on the SharePoint site and that’s it basically.

You can create a custom Identity Provider, there is a every well documented example by Steve Peschka.

Apps

After the theory Paolo showed us how to utilize this knowledge in combination with apps. This is my favorite diagram about this:

Copied from the slides: http://video.ch9.ms/sessions/teched/eu/2013/SES-B402.pptx

This is crazy stuff – but very powerful.

Session Slides and Recording

The presentation and the recording will be available at the Chanel 9 site. I recommend you to watch the recording, the demos are not visible in the slides at all.

My evaluation

Authentication/Security is tough stuff: I did something similar with ADFS for a client, I wish I had this information earlier – it helped me understand what’s happening under the hood. Too bad that there are not that many advanced sessions, I wish there were more. Thanks Paolo for my better understanding about this topic!

Max Melcher

Maximilian Melcher (MCITP, MCPD) is a Managing Consultant for Alegri International Services in Munich, Germany. Max is a specialist in SharePoint technologies focused on search, social computing, web content management and collaboration.
Max has led SharePoint implementations for Dax 30 companies since 2009.

Max’s free time is spent on twitter mostly with a good coffee in his hands.
Tags: , , ,
1 reply

Trackbacks & Pingbacks

  1. […] by Simon Skinner, notes by MaxAuthentication and Authorization Infrastructure by Paolo Pialorsi, notes by MaxOptimizing SQL Server 2012 for SP2013 by Brian Alderman. Guess how made great session notes again? […]

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">