Chapter 9: Claims-Based Authentication
What’s In This Chapter?
- Using claims-based identity
- SharePoint authentication options
- Creating claims-based web applications
SharePoint Server 2010 utilizes a new authentication model called claims-based authentication (CBA). CBA is based on the concept of identity and utilizes open source standards and protocols so that it works with any corporate identity system, not just Active Directory and not just Windows-based systems. Identity is represented by a security token. This token is presented to any application to which the individual is attempting to gain access. The individual’s token, and therefore his or her identity, is verified by some system. This is normally some directory service that contains username and password information, but the beauty of CBA is that it is not limited to just username and password information.
CBA provides a trust-based system between applications and a centralized provider that issues the token. The application trusts the individual because they trust the provider. Therefore, in addition to providing a single sign-on environment, this alleviates the need for each application to authenticate the user, enabling the application to focus on what permissions to assign, and how the application interacts with, the user. This chapter is an introduction to CBA, and it will provide you with the knowledge necessary to begin using CBA for SharePoint websites.
Claims-Based Identity
User identity is a fundamental requirement ...