SharePoint Security and Claims-based Authorization

Slide 1

SharePoint Security and Claims-based Authorization

Slide 2

Outline
SharePoint Security Fundamentals
Introduction to Claims-based Security
Configuring Claims-based Security
Development Opportunities

Slide 3

Security 101
Authentication and Identity
Authentication creates an identity for a security principal
Identities are stored in a user account store
Authentication is performed using credentials
Authentication produces some form of identity
Authorization and Access Control
A subsystem is used to define security policy
Privileged users configure ACLs on objects
The subsystem enforces the policy at run time

Slide 4

SharePoint 2007 Authentication
SharePoint relies on external components
Windows Authentication via Windows Server and IIS
FBA (forms-based authentication) via ASP.NET and an authentication provider
Web SSO via Active Directory Federation Services (ADFS)
SharePoint creates a profile for the external identity
Tracked per site collection in the User Profile List
Seen by developers as the SPUser object

Slide 5

SHAREPOINT\System Account
WSS v2 had issues with the application pool identity
WSS v3 introduced SHAREPOINT\system
Hides the IIS application pool identity from users
Runs as "God" inside the WSS authorization framework
Removes the need to treat the application pool identity as a site user

Slide 6

WSS Identity versus Windows Identity
It's essential to understand the difference
(Diagram: the Web Application's Worker Process on the Web Server reaches SharePoint content (Pages, Lists & Documents), which is authorized using the SharePoint identity, and external resources such as the AdventureWorks database on SQL Server and an XML file on the local file system, which are authorized using the Windows identity)

Slide 7

Elevation of Privileges
Code typically runs under the identity of the current user
Authorization works transparently in SharePoint
Sometimes code must do things the current user cannot do
Custom code elevates privilege
Advantage: elevated code can do anything
Disadvantage: elevated code can do anything

Slide 8

SPSite and Elevated Privileges
Accessing sites with a WSS object is tricky
Must create a new SPSite object after elevating
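The point on this slide, as an added example (not code from the original deck): SPSite and SPWeb objects carry the security token of the user who created them, so an object taken from SPContext.Current before elevation still authorizes as the request's user even inside the elevated delegate. Assumes a list title supplied by the caller and code running inside a SharePoint request.

```csharp
using System;
using Microsoft.SharePoint;

// Added example: why an SPSite must be created after elevating. Objects created
// before RunWithElevatedPrivileges keep the calling user's token; only objects
// created inside the delegate run as SHAREPOINT\System.
public static class ElevatedListAccess
{
    // Wrong: SPContext.Current.Web was created for the request's user before
    // elevation, so this throws UnauthorizedAccessException for a user who
    // cannot read the list, exactly as it would without elevation.
    public static int CountItemsNotReallyElevated(string listTitle)
    {
        int count = -1;
        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            SPWeb web = SPContext.Current.Web;       // bound to the calling user
            count = web.Lists[listTitle].ItemCount;  // authorized as that user
        });
        return count;
    }

    // Right: capture only identifiers outside the delegate, open new objects
    // inside it (these run as SHAREPOINT\System), keep the elevated scope as
    // small as possible, and dispose what you open.
    public static int CountItemsElevated(string listTitle)
    {
        Guid siteId = SPContext.Current.Site.ID;
        Guid webId = SPContext.Current.Web.ID;
        int count = -1;
        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            using (SPSite site = new SPSite(siteId))
            using (SPWeb web = site.OpenWeb(webId))
            {
                // Only the read happens elevated; the caller gets a number back,
                // never the elevated SPWeb itself.
                count = web.Lists[listTitle].ItemCount;
            }
        });
        return count;
    }
}
```

Because the elevated block can do anything (the slide's "disadvantage"), validate listTitle before entering it and never hand the elevated SPSite or SPWeb back to user-controlled code.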

Slide 9

Securable Objects
Each site collection is a hierarchy
Each object may have its own ACL
An object without an ACL inherits from its parent
The top-level site is the top-level object in the hierarchy

Slide 10

Securable Objects OM
SPUser represents an external security principal
SPGroup is an internal SharePoint group
(Diagram relating SP User, SP Group, Rights, Role Definition, Role Assignment and the AuthZ Resource: a Role Definition bundles Rights, and a Role Assignment binds a principal (SPUser or SPGroup) to a Role Definition on a securable AuthZ Resource)

Slide 11

Outline
SharePoint Security Fundamentals
Introduction to Claims-based Security
Configuring Claims-based Security
Development Opportunities

Slide 12

SharePoint 2010 Security
SharePoint 2010 dramatically changes authentication
WSS moves to a claims-based security model
SharePoint 12-style authentication is now considered legacy mode
Why?
It decouples WSS from the authentication provider
Supports multiple authentication providers for one URL
Identity can be passed without Kerberos delegation
It enables federation between organizations
ACLs can be configured with DLs, Audiences and Orgs
The PeoplePicker control understands claims

Slide 13

Claims-based Terminology
Identity: security principal used to configure security policy
Claim: attribute of an identity (login name, AD group, etc.)
Issuer: trusted party that makes claims
Security Token: serialized set of claims, digitally signed by the issuing authority (Windows security token or SAML)
Issuing Authority: issues security tokens knowing the claims wanted by the target application
Security Token Service (STS): builds, signs and issues security tokens
Relying Party: application that makes authorization decisions based on claims

Slide 14

Claims-based Scenarios
Active Client: smart client application
Passive Client: browser

Slide 15

Claims in SharePoint 2010
Two important scenarios
Incoming claims
Outgoing claims
How do incoming claims work?
Identity token is created by an external identity STS
SharePoint STS creates a claims-based identity
SharePoint STS relies on a Claims Provider
Incoming claims identity is mapped to an SPUser
Authorization of the SPUser works just like it does in SharePoint 2007

Slide 17

Outgoing Claims
What identity is used for code on the WFE?
By default, code has a claims-based identity
Legacy mode can be used for a Windows identity
What are the scenarios?
WFE code calls application services
WFE code calls external LOB systems
WFE code calls external SharePoint farms

Slide 19

Outline
SharePoint Security Fundamentals
Introduction to Claims-based Security
Configuring Claims-based Security
Development Opportunities

Slide 20

Admin UX (Configure AuthN)

Slide 22

Outline
SharePoint Security Fundamentals
Introduction to Claims-based Security
Configuring Claims-based Security
Development Opportunities

Slide 23

Securable Objects OM with Claims
(Diagram: the SharePoint 2010 object model adds claims to the principals that can be assigned, such as AD Security Group, DL, Audiences, Org, App claims and Roles, alongside Contoso User (federated user), Live ID, FBA User and Windows User; as before, principals (SP User, SP Group) are bound through a Role Assignment to a Role Definition of Rights on an AuthZ Resource)

Slide 24

Development Opportunities
Same as in SharePoint 2007
Write code that creates groups
Write code that assigns permissions
New to SharePoint 2010
Create a custom claims provider
Create an identity transformation service with Geneva Server
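The first two development opportunities, and the Securable Objects object model from slide 10, as an added example (not code from the original deck): create an SPGroup, bind it to a role definition through a role assignment on one list item, and check the effective result. Group name, role name and login name are supplied by the caller; the caller must hold Manage Permissions on the item.

```csharp
using System;
using Microsoft.SharePoint;

// Added example: SPGroup -> SPRoleAssignment -> SPRoleDefinition on a single
// securable object, with an audit check of the effective permissions afterwards.
public static class ItemPermissions
{
    // Returns the named group, creating it (owned by the site owner) if missing.
    public static SPGroup EnsureGroup(SPWeb web, string groupName)
    {
        foreach (SPGroup g in web.SiteGroups)
        {
            if (string.Equals(g.Name, groupName, StringComparison.OrdinalIgnoreCase))
                return g;
        }
        web.SiteGroups.Add(groupName, web.Site.Owner, null, "Created by ItemPermissions (example)");
        return web.SiteGroups[groupName];
    }

    // Grants roleName (a role definition such as "Contribute") to the group on
    // one item. Inheritance is broken only on that item and the parent's
    // assignments are copied first, so nothing else in the hierarchy changes.
    public static void GrantGroupOnItem(SPWeb web, SPListItem item, string groupName, string roleName)
    {
        SPGroup group = EnsureGroup(web, groupName);
        SPRoleDefinition role = web.RoleDefinitions[roleName];    // bundle of Rights

        if (!item.HasUniqueRoleAssignments)
            item.BreakRoleInheritance(true);                        // copy parent ACL

        SPRoleAssignment assignment = new SPRoleAssignment(group);  // principal
        assignment.RoleDefinitionBindings.Add(role);                // + role definition
        item.RoleAssignments.Add(assignment);                       // on this AuthZ resource
    }

    // Audit check: does the login end up with edit rights on the item? Effective
    // permissions combine every assignment that applies to the user.
    public static bool CanEdit(SPListItem item, string loginName)
    {
        SPBasePermissions effective = item.GetUserEffectivePermissions(loginName);
        return (effective & SPBasePermissions.EditListItems) == SPBasePermissions.EditListItems;
    }
}
```

Breaking inheritance creates a new ACL that stops tracking the parent, so items with unique permissions should be reviewed periodically with a check like CanEdit rather than assumed to follow site-level policy.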

Slide 25

Summary
SharePoint Security Fundamentals
Introduction to Claims-based Security
Configuring Claims-based Security
Development Opportunities
