
SharePoint External Login Access – Forms Authentication vs Azure ACS

SharePoint External Login Access – Forms Authentication vs Azure ACS. Keith Tuomi, SharePoint MVP, SharePoint Consultant & Developer (MVP, MCPD, MCTS, MCSE). Things I will be talking about: Extranet scenarios in SharePoint, Claims Authentication, Forms Based Authentication


Presentation Transcript


  1. SharePoint External Login Access – Forms Authentication vs Azure ACS

  2. Keith Tuomi, SharePoint MVP. SharePoint Consultant & Developer. MVP, MCPD, MCTS, MCSE

  3. Things I will be talking about:
     - Extranet scenarios in SharePoint
     - Claims Authentication
     - Forms Based Authentication
     - 3rd party vendor options for Forms Based Auth
     - Azure ACS Authentication
     - Pros & Cons of Forms Based Auth vs Azure ACS

  4. What’s an Extranet? Controlled access from external networks

  5. Extranet Requirements • What do you REALLY need? • Who needs access to your SharePoint? • How sensitive is the data? • How important is ease of access? • How important is ease of user management?

  6. Extranet Requirements • Who needs access? • Internal employees = Active Directory, Azure Active Directory • External users (clients, partners, consultants) = Active Directory, Forms Based Authentication, Azure ACS Authentication

  7. Claims Authentication: First things first, understanding Authentication vs Authorization.
     Authentication is the process of validating a user’s identity. (SharePoint never performs authentication, btw.)
     Authorization is the process of deciding the resources & functionality to which an authenticated user has access.

  8. Claims Authentication
     Q. What’s a Claim?
     A. A piece of info describing a user:
     - Name: Jane Doe
     - Email: jane.doe@organization.com
     - Group/Role membership: HR
     - Age: 24
     - Hire Date: 12/10/2013
     - etc.

  9. Claims Authentication
     Q. Why do we say “claim” and not “attribute”?
     A. Consider:
     - Both Facebook and Microsoft have an Age attribute
     - Facebook claims the user is 18 while Microsoft claims the user is 35
     In order to make authorization decisions, your app needs to decide which “claim” it will trust.

  10. Claims Authentication How Claims works (the techy diagram):

  11. Claims Authentication: How Claims works (layman’s terms)
     You check in at the Airport (SharePoint) (Authentication)
     - present credentials (Passport)
     - credentials are validated by security guard
     You receive a boarding pass (Authorization)
     - Seat, Frequent Flyer, Gate etc.

  12. Claims Authentication More on the details of claims (great party trivia!): http://yalla.itgroove.net/2012/11/claims-based-authentication-in-sharepoint-2010/

  13. Forms Based Authentication: OPTION A – Roll your own
     Setting up a basic Forms Authentication implementation: http://blogs.visigo.com/chriscoulson/configuring-forms-based-authentication-in-sharepoint-2013-part-1-creating-the-membership-database/
     Details the config required to enable basic Forms Authentication in your SharePoint 2013 farm.
     SharePoint 2013 FBA Pack: http://sharepoint2013fba.codeplex.com/
     Open source add-on to the basic Forms plumbing that adds extra options in SharePoint site settings & web parts for user management, password reset, etc.

  14. Forms Based Authentication: OPTION A – Roll your own. Demo

  15. Forms Based Authentication: OPTION B – 3rd Party Vendors
     - FBA Suite
     - ExCM 2013
     - Extradium
     - Envision IT Extranet User Manager for SharePoint
     - itgroove
     .. and more.

  16. Forms Based Authentication: Functionality to consider when planning Forms Auth
     - Password Policies – minimum length, complexity, expiry, re-use of old PW
     - Login Details – failed login lockout criteria, remember PW
     - Self-service – resetting PW, forgotten PW retrieval
     - Branding – styling of login & user-facing web pages
     - Data Store – database encryption, reporting & user auditing

  17. Azure ACS Authentication: Cloud based Microsoft Identity provider
     www.WindowsAzure.com
     Management Console: https://manage.windowsazure.com

  18. Azure ACS Authentication
     - Allows Claims authentication against popular identity providers like Google, Microsoft, Yahoo, Facebook etc.
     - Is a free service as part of your overall Windows Azure account
     - Initial setup in SharePoint is performed via a PowerShell script that sets up a certificate, defines what Claims to use, and defines your providers
     - Once the SharePoint web app is married to the Azure ACS Access Control Namespace, we then go to the web app settings in SharePoint Central Administration and enable the new Identity Provider we’ve created

  19. Azure ACS Authentication

  20. Azure ACS Authentication

  21. Azure ACS Authentication

  22. Azure ACS Authentication

  23. Azure ACS Authentication: Further references for configuring Azure ACS
     - http://msdn.microsoft.com/en-us/library/gg429788.aspx
     - http://dannyjessee.com/blog/index.php/2012/11/using-azure-acs-to-sign-in-to-sharepoint-2013-with-facebook/
     - http://robbincremers.me/2012/02/22/using-windows-azure-access-control-service-to-provide-a-single-sign-on-experience-with-popular-identity-providers/
     - http://blogs.msdn.com/b/mvpawardprogram/archive/2011/06/17/mvps-for-sharepoint-2010-using-azure-acs-v2-to-authenticate-external-systems-users.aspx

  24. Pros & Cons of Forms Based Auth

  25. Pros & Cons of Azure ACS Auth

  26. Questions?

  27. Thanks! Keith Tuomi Email: ktuomi@itgroove.net Blog: http://yalla.itgroove.net Twitter: @itgroove_keith
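
The PowerShell setup that slide 18 describes (certificate, claims, provider), sketched as an added example; it is not the presenter's script. The namespace, realm, certificate path and provider name are placeholder assumptions, and the script is meant for the SharePoint 2013 Management Shell on a farm server.

```powershell
# Added example: register Azure ACS as a trusted identity provider in SharePoint 2013.
# Every value below is a placeholder (assumption), not taken from the slides.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$acsNamespace = "contoso-extranet"                 # hypothetical ACS namespace
$realm        = "urn:sharepoint:extranet"          # must equal the relying-party realm set in ACS
$signInUrl    = "https://$acsNamespace.accesscontrol.windows.net/v2/wsfederation"
$certPath     = "C:\certs\acs-token-signing.cer"   # public token-signing cert exported from ACS

# 1. Certificate: SharePoint only accepts tokens signed by a certificate it trusts.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    # Sign-in for all external users stops when this certificate expires.
    throw "Token-signing certificate expires $($cert.NotAfter); renew it first."
}
New-SPTrustedRootAuthority -Name "ACS token signing" -Certificate $cert

# 2. Claims: decide which incoming claim SharePoint will trust as the user's identity.
#    Email is assumed here; it only works for providers that actually emit it
#    (a Microsoft account through ACS sends a nameidentifier claim and no email).
$emailClaim = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
$emailMap   = New-SPClaimTypeMapping -IncomingClaimType $emailClaim `
                  -IncomingClaimTypeDisplayName "Email" -SameAsIncoming

# 3. Provider: tie realm, certificate, claim mapping and sign-in URL together.
New-SPTrustedIdentityTokenIssuer -Name "Azure ACS" `
    -Description "Federated sign-in through Azure ACS" `
    -Realm $realm `
    -ImportTrustCertificate $cert `
    -ClaimsMappings $emailMap `
    -SignInUrl $signInUrl `
    -IdentifierClaim $emailMap.InputClaimType

# Verify what was registered before enabling it on the web application
# (Central Administration > web app > Authentication Providers).
Get-SPTrustedIdentityTokenIssuer -Identity "Azure ACS" |
    Select-Object Name, DefaultProviderRealm, ProviderUri, IdentityClaimTypeInformation
```

Registering the issuer only authenticates users; nobody gets access to a site until a permission is granted to a specific identifier-claim value, which is where the authorization decision from slides 7 and 9 is made.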
