Skip to Main Content
Essential SharePoint
book

Essential SharePoint

by Jeff Webb
May 2005
Beginner content levelBeginner
336 pages
10h 14m
English
O'Reilly Media, Inc.
Content preview from Essential SharePoint

Maintaining Server Security

Access to SharePoint sites is controlled through the authentication settings in IIS. The default setting is to use Windows integrated authentication, but sites can also use digest or basic authentication.

Digest authentication is used when SharePoint is installed in Active Directory mode (as when configured for use by an ISP). Basic authentication sends user name and password information as text, which provides less protection for that information but allows it to pass though a network firewall.

In addition, the security settings in the site's web.config file can control which users are allowed or denied permission to access the site. For example, the following settings only allow access to users with Administrative privileges on the server:

   <authentication mode="Windows" />
   <authorization>
         <allow roles="Administrators" />
         <deny users="*" />
   </authorization>
   <identity impersonate="true" />

The roles attribute above refers to the Windows account group, not the SharePoint group. You can use allow and deny element to add or remove specific roles or users. For example the following element blocks the BeigeBond from access the site:

   <deny users="WOMBAT1\BeigeBond" />

The impersonate attribute determines the identity used to run applications within the SharePoint site. In this case, SharePoint .aspx pages and web parts execute using the permissions granted to the user's account.

Once a user is authenticated, SharePoint uses the members list stored in the site's ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

SharePoint User's Guide

SharePoint User's Guide

Infusion Development Corp. (Infusion Development Corporation)
Beginning SharePoint® 2010: Building Business Solutions with SharePoint

Beginning SharePoint® 2010: Building Business Solutions with SharePoint

Amanda Perran, Shane Perran, Jennifer Mason, Laura Rogers

Publisher Resources

ISBN: 0596008805Errata Page