TechEd 2013: Authentication and Authorization Infrastructure in Microsoft SharePoint 2013

28 Jun 2013
June 28, 2013

Session by Paolo Pialorsi (@PaoloPia)


In this session, you learn how authentication and authorization work in SharePoint 2013, either when handling direct users’ requests, or running requests for SharePoint apps. In particular, see how to federate with an external Identity Provider like Windows Azure ACS to authenticate users and then authorize them in SharePoint, leveraging claims.

There is one Level 400 session (highest) – guess what’s it about? Right, Authentication.

Here are my session notes.


Classic Authentication is deprecated in SharePoint 2013. So its all about Claims now. The though thing is to map the incoming tokens from the authentication provider to the ones SharePoint use.

Identity Provider

Paolo showed an example how to utilize Facebook to log into SharePoint via Azure ACS. As said, he had to map the incoming claims token to SharePoint properties – trust the certificate on the SharePoint site and that’s it basically.

You can create a custom Identity Provider, there is a every well documented example by Steve Peschka.


After the theory Paolo showed us how to utilize this knowledge in combination with apps. This is my favorite diagram about this:

Copied from the slides:

This is crazy stuff – but very powerful.

Session Slides and Recording

The presentation and the recording will be available at the Chanel 9 site. I recommend you to watch the recording, the demos are not visible in the slides at all.

My evaluation

Authentication/Security is tough stuff: I did something similar with ADFS for a client, I wish I had this information earlier – it helped me understand what’s happening under the hood. Too bad that there are not that many advanced sessions, I wish there were more. Thanks Paolo for my better understanding about this topic!

Max Melcher
Follow me!

Max Melcher

Maximilian Melcher (MCSE, MCPD) is a Principal Consultant working at Alegri International Services in Munich, Germany. Max is a specialist in SharePoint technologies focused on search, social computing, web content management and collaboration. Max has led SharePoint implementations for Dax 30 companies since 2009.
Max’s free time is spent on twitter (@maxmelcher) mostly with a good coffee in his hands.
Max Melcher
Follow me!
Tags: , , ,
1 reply

Trackbacks & Pingbacks

  1. […] by Simon Skinner, notes by MaxAuthentication and Authorization Infrastructure by Paolo Pialorsi, notes by MaxOptimizing SQL Server 2012 for SP2013 by Brian Alderman. Guess how made great session notes again? […]

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.