Chapter 2: Assessing Authentication Options
In This Chapter
♦ Understanding claims-aware applications
♦ Configuring authentication modes
♦ Implementing multiple authentication methods
Using a corporate network is all about authorization (but you knew that). In Book I, Chapter 2, we discuss how to authorize access to the content in your SharePoint sites. To enforce that authorization, SharePoint has to be able to identify which user is trying to get at the content. Similarly, user identity is crucial in providing services (such as User Profiles); the user’s online identity controls what he or she can do with personal home pages and social features.
Authentication is part of the overall process of establishing a user’s identity. When you’re dealing with computer networks, it’s never enough just to say, “I am somebody.” Ultimately, the requesting user presents some form of token (call it a digital voucher) to SharePoint that proves identity. SharePoint then uses this token to associate the user with an internal programming object (called SPUser) that authorizes access to content (saying, in effect, “Okay, you are somebody. Now you can look at this pie chart.”).
In previous versions of SharePoint, the user’s identifying token could be one of these:
♦ A standard Windows security token, representing an Active Directory user object or security group.
♦ A token generated by an ASP.NET membership and role provider — these allow you to essentially write your own authentication and authorization ...