Skip to Content
Essential SharePoint
book

Essential SharePoint

by Jeff Webb
May 2005
Beginner
336 pages
10h 14m
English
O'Reilly Media, Inc.
Content preview from Essential SharePoint

Maintaining Server Security

Access to SharePoint sites is controlled through the authentication settings in IIS. The default setting is to use Windows integrated authentication, but sites can also use digest or basic authentication.

Digest authentication is used when SharePoint is installed in Active Directory mode (as when configured for use by an ISP). Basic authentication sends user name and password information as text, which provides less protection for that information but allows it to pass though a network firewall.

In addition, the security settings in the site's web.config file can control which users are allowed or denied permission to access the site. For example, the following settings only allow access to users with Administrative privileges on the server:

   <authentication mode="Windows" />
   <authorization>
         <allow roles="Administrators" />
         <deny users="*" />
   </authorization>
   <identity impersonate="true" />

The roles attribute above refers to the Windows account group, not the SharePoint group. You can use allow and deny element to add or remove specific roles or users. For example the following element blocks the BeigeBond from access the site:

   <deny users="WOMBAT1\BeigeBond" />

The impersonate attribute determines the identity used to run applications within the SharePoint site. In this case, SharePoint .aspx pages and web parts execute using the permissions granted to the user's account.

Once a user is authenticated, SharePoint uses the members list stored in the site's ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

AirBnbBlueOriginElectronic ArtsHomeDepotNasdaqRakutenTata Consultancy Services

QuotationMarkO’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.
Julian F.
Head of Cybersecurity
QuotationMarkI wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.
Addison B.
Field Engineer
QuotationMarkI’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.
Amir M.
Data Platform Tech Lead
QuotationMarkI'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Mark W.
Embedded Software Engineer

You might also like

SharePoint User's Guide

SharePoint User's Guide

Infusion Development Corp. (Infusion Development Corporation)
SharePoint 2016 For Dummies

SharePoint 2016 For Dummies

Ken Withee, Rosemarie Withee
Microsoft SharePoint 2016 Step by Step

Microsoft SharePoint 2016 Step by Step

Olga Londer, Penelope Coventry

Publisher Resources

ISBN: 0596008805Errata Page