Archives For SharePoint 2010 Security


Claims-based identity provides a common way for applications to acquire identity information from users inside their organization, in other organizations, and on the Internet. Identity information is contained in a security token, often simply called a token. A token contains one or more claims about the user. Think of it as metadata about the user that stays with them throughout their session.

One big benefit of configuring claims is that it makes the People Picker easier for users to work with.

Note that with beta 2 you might never notice that claims are available to work with, because your web applications might have been created in classic mode.

Open the SharePoint Central Administration.

Navigate to Application Management.

Select the Manage web applications hyperlink.

Click the New button to create a new web application.

The first section is the Authentication section. There you can choose whether to create the web application with Classic Mode Authentication or with Claims Based Authentication.

Select the Claims Based Authentication option.

 

Claims Based Authentication in SharePoint 2010

Scroll down to the Identity Providers section. Notice that you can enable Windows Authentication, or enable ASP.NET Membership and Role Provider. If you had other trusted identity providers, you could add them to this list as well.

SharePoint 2010 Identity Providers:

Go back to the main page of the SharePoint Central Administration.

Click on the Security hyperlink.

Notice that in the General Security section there is a Manage trust hyperlink.

Click on the hyperlink to see a list of trusted identity providers. The Trusted Service Consumer is the one that is there by default.

Click the Farm Trusts tab on the ribbon.

Click the New button to create a new trust.

In the General Settings enter the name Live ID.

You have to specify a Root Certificate for trust to indicate that you trust the new authentication system.

You also have to specify the Farm Trust.

Establish Farm Trust in SharePoint 2010

Cancel the process.

Go back to the SharePoint Central Administration and again choose to create a new web application.

Again select the Claims Based Authentication option.

If you had configured Live ID as a trusted identity provider, it would appear in the Identity Providers section together with Windows Authentication and ASP.NET Membership.

Scroll down to the Sign In Page URL section.

Sign In Page Url, SharePoint 2010

You could design your own sign-in page that would be displayed when a user navigates to your SharePoint site.

Navigate to the Site Permissions page of the intranet site to add some users.

Click the Grant Permissions button.

Choose a user from the People Picker. This is a sample of the People Picker in classic mode.

Select People and Group in SharePoint 2010

Navigate to the Site Settings page and select the People and Groups hyperlink.

Select the New User button.

In the Grant Permissions dialog you can enter the name of a new user. The claims-based People Picker is displayed.

The left pane is populated with all claims providers.


When you type in brian and then search for it, you will see that Active Directory contains 2 results.
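The Central Administration steps above (creating a claims-mode web application and adding a farm trust) can also be done and then reviewed from the SharePoint 2010 Management Shell. The following is an added example, not part of the original demo; the URL, application pool name, managed account and certificate path are hypothetical placeholders, and unlike the demo, which cancels the dialog, step 2 actually creates the trust.

```powershell
# Added example; run on a farm server in the SharePoint 2010 Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Hypothetical values, replace with your own.
$url      = 'http://intranet.contoso.local'
$poolName = 'ClaimsIntranetPool'
$poolAcct = 'CONTOSO\sp_apppool'           # must already be a managed account
$rootCer  = 'C:\certs\provider-root.cer'   # root certificate of the system you trust

# 1. Create the web application in claims mode with Windows Authentication.
#    Supplying -AuthenticationProvider is what selects Claims Based Authentication;
#    without it, SharePoint 2010 creates a classic-mode web application.
$winAuth = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication
New-SPWebApplication -Name 'Claims Intranet' -URL $url -Port 80 `
    -ApplicationPool $poolName `
    -ApplicationPoolAccount (Get-SPManagedAccount $poolAcct) `
    -AuthenticationProvider $winAuth | Out-Null

# 2. Manage trust: load the root certificate and check it before trusting it.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($rootCer)
$cert | Format-List Subject, Issuer, Thumbprint, NotAfter
# Compare the thumbprint with one obtained out-of-band, then create the trust.
New-SPTrustedRootAuthority -Name 'Live ID' -Certificate $cert | Out-Null

# 3. Review: which web applications are claims mode, and which are still classic?
Get-SPWebApplication |
    Select-Object DisplayName, Url, UseClaimsAuthentication |
    Format-Table -AutoSize

# 4. Review: identity providers enabled on the Default zone of the new web application.
Get-SPAuthenticationProvider -WebApplication $url -Zone Default

# 5. Review: every root certificate the farm trusts, with its expiry date.
Get-SPTrustedRootAuthority |
    Select-Object Name,
        @{Name = 'Subject';    Expression = { $_.Certificate.Subject }},
        @{Name = 'Thumbprint'; Expression = { $_.Certificate.Thumbprint }},
        @{Name = 'NotAfter';   Expression = { $_.Certificate.NotAfter }} |
    Format-Table -AutoSize
```

Steps 3 to 5 change nothing and can be run on their own to audit an existing farm for classic-mode web applications and for unexpected or expiring trust certificates.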

For More Info:
http://channel9.msdn.com/Learn/Courses/SharePoint2010Developer/SharePoint2010Security/ConfiguringClaimsDemo