Claims-based Authentication in SharePoint 2013

Introduction

This article walks through the improvements to claims-based authentication in SharePoint 2013 and how they differ from SharePoint 2010.

Key Points

  • Claims-based authentication is the default for new web applications in SharePoint 2013.
  • When you create a web application in Central Administration, you can only specify authentication methods for claims-based authentication.
  • Although Windows Classic mode authentication is still available in SharePoint 2013 and can be configured through Windows PowerShell, we recommend that you use claims-based authentication. Windows Classic mode authentication is deprecated in SharePoint 2013.

In SharePoint 2010, when creating a new web application, the following options related to authentication and security are shown:

options-related-Authentication-and-security.jpg

In SharePoint 2013, only the claims-based authentication options are shown:

Claims-Based-Authentication.jpg

Migrating an existing web application from classic mode to Windows claims mode is easier in SharePoint 2013 thanks to the new Convert-SPWebApplication Windows PowerShell cmdlet.
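The following PowerShell session is an added example, not code from the original article: it inventories which web applications still run in classic mode, converts one of them to Windows claims with Convert-SPWebApplication, and verifies the result. The web application URL and the user account are placeholders; run it in the SharePoint 2013 Management Shell as a farm administrator.

```powershell
# Added example (not part of the original article). Assumes the SharePoint 2013
# Management Shell, farm-administrator rights, and a placeholder URL/account.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webAppUrl = "http://intranet.contoso.com"   # hypothetical web application URL
$sampleUser = "contoso\jdoe"                 # hypothetical Windows account

# 1. Inventory: UseClaimsAuthentication is $false for classic-mode web applications.
Get-SPWebApplication |
    Select-Object DisplayName, Url, UseClaimsAuthentication |
    Format-Table -AutoSize

# 2. Convert the classic-mode web application to Windows claims.
#    -RetainPermissions re-maps the existing Windows identities in the content
#    databases to their claims-encoded form so users keep their permissions.
#    The conversion is one-way, so back up the content databases before running it.
$webApp = Get-SPWebApplication $webAppUrl
if (-not $webApp.UseClaimsAuthentication) {
    Convert-SPWebApplication -Identity $webApp -To Claims -RetainPermissions
}

# 3. Verify: re-read the web application and confirm it now uses claims.
$webApp = Get-SPWebApplication $webAppUrl
if (-not $webApp.UseClaimsAuthentication) {
    throw "Conversion of $webAppUrl did not take effect"
}

# 4. Show what a migrated Windows identity looks like after conversion.
#    A classic "contoso\jdoe" becomes the claims-encoded "i:0#.w|contoso\jdoe".
$claim = New-SPClaimsPrincipal -Identity $sampleUser -IdentityType WindowsSamAccountName
$claim.ToEncodedString()
```

Step 4 matters for anything that stores user names outside SharePoint (custom lists, workflow data, external audit tables): after conversion, permission checks compare against the encoded claim string, so values recorded as plain `domain\user` no longer match.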

Some of the key changes related to security in SharePoint 2013 are:

  • Login tokens are now cached in the new Distributed Cache Service.
  • By storing the login tokens in the Distributed Cache Service in SharePoint 2013, the configuration of affinity in your load balancing solution is no longer required. There are also scale-out benefits and less memory utilization in the web front-ends because of a dedicated cache service.
  • SharePoint 2013 has a dedicated local server-to-server security token service (STS) that provides server-to-server security tokens that contain user identity claims to enable cross-server authenticated access.
  • SharePoint 2013 uses OAuth 2.0 to authorize requests by apps in the SharePoint Store and App Catalog to access SharePoint resources on behalf of a user.
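To check the pieces listed above on a real farm, the following added example (not from the original article) locates the Distributed Cache service instances, reads the logon token cache client settings, compares the security token service lifetimes against the cache expiration window, and lists the trusted token issuers used for server-to-server and OAuth calls. No farm-specific names are assumed; it only reads configuration.

```powershell
# Added example (not part of the original article). Run in the SharePoint 2013
# Management Shell as a farm administrator; it only reads configuration.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# 1. Which servers host the Distributed Cache service, and is it online?
#    Logon tokens live here, so a stopped instance means a cache miss on every
#    front end and re-authentication through the STS.
Get-SPServiceInstance |
    Where-Object { $_.TypeName -eq "Distributed Cache" } |
    Select-Object @{ Name = "Server"; Expression = { $_.Server.Name } }, Status |
    Format-Table -AutoSize

# 2. Client-side settings for the logon token cache container.
Get-SPDistributedCacheClientSetting -ContainerType DistributedLogonTokenCache

# 3. Token lifetimes issued by the security token service.
$sts = Get-SPSecurityTokenServiceConfig
$sts | Select-Object WindowsTokenLifetime, FormsTokenLifetime, LogonTokenCacheExpirationWindow

# Caveat: a cached token is treated as expired LogonTokenCacheExpirationWindow
# before its lifetime ends. If the window is equal to or longer than the token
# lifetime, every cached token is already "expired" and users are prompted to
# authenticate repeatedly.
if ($sts.LogonTokenCacheExpirationWindow -ge $sts.WindowsTokenLifetime) {
    Write-Warning "LogonTokenCacheExpirationWindow is not shorter than WindowsTokenLifetime"
}
if ($sts.LogonTokenCacheExpirationWindow -ge $sts.FormsTokenLifetime) {
    Write-Warning "LogonTokenCacheExpirationWindow is not shorter than FormsTokenLifetime"
}

# 4. Trusted token issuers: the self-issuer backs server-to-server calls,
#    the others are app principals trusted for OAuth access.
Get-SPTrustedSecurityTokenIssuer |
    Select-Object Name, RegisteredIssuerName, IsSelfIssuer |
    Format-Table -AutoSize

# The realm (a GUID) is part of every issuer name and every OAuth access token.
Get-SPAuthenticationRealm
```

Keep the Distributed Cache hosts and the STS token lifetimes in the same change record: lowering a token lifetime without adjusting the expiration window is the most common cause of the repeated-prompt behaviour the warnings above detect.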

Summary

Understanding these changes helps in designing and developing applications for SharePoint 2013.