In this article we will see what are all the improvements in claims-based authentication in SharePoint 2013.
- Claims-based authentication is the default for new web applications in SharePoint 2013.
- When you create a web application in Central Administration, you can only specify authentication methods for claims-based authentication.
- Although Windows Classic mode authentication is still available in SharePoint 2013 and can be configured through Windows PowerShell, we recommend that you use claims-based authentication. Windows Classic mode authentication is deprecated in SharePoint 2013.
In SharePoint 2010, while creating a new web application we will see the following options related to authentication and security.
But in SharePoint 2013 we will see only claims-based authentication:
We will do the easier migration from classic mode to Windows-based claims mode with the new Convert-SPWebApplication Windows PowerShell cmdlet.
Some of the key changes related to security in SharePoint 2013 are:
- Login tokens are now cached in the new Distributed Cache Service.
- By storing the login tokens in the Distributed Cache Service in SharePoint 2013, the configuration of affinity in your load balancing solution is no longer required. There are also scale-out benefits and less memory utilization in the web front-ends because of a dedicated cache service.
- SharePoint 2013 has a dedicated local server-to-server security token service (STS) that provides server-to-server security tokens that contain user identity claims to enable cross-server authenticated access.
- SharePoint 2013 uses OAuth 2.0 to authorize requests by apps in the SharePoint Store and App Catalog to access SharePoint resources on behalf of a user.
Understanding these changes will really help us to design and develop applications based on SharePoint 2013.