Authentication Methods in SharePoint 2013

Overview

In this series I'm going to talk about the authentication methods and authentication types in SharePoint 2013, and about the authentication process of each type.

In this article I will cover some definitions and the authentication methods in SharePoint (claims-based authentication and classic mode authentication).

In the next posts I will cover the authentication types in SharePoint 2013 (Windows Authentication, Forms-based Authentication and SAML-based Authentication).

Authentication

Authentication is the process of validating a user's identity against an authentication provider that holds the user's credentials and can confirm that the user submitted them correctly.

Authentication Methods

An authentication method is the way in which user credentials, and other information that confirms the user's identity, are exchanged.

The result of an authentication method is a token containing claims that assert that an authentication provider has authenticated the user.

Authentication Type

An authentication type is a way of validating a user's credentials against one or more authentication providers.

Authentication providers include the ASP.NET membership and role providers, Active Directory Domain Services (AD DS), and so on.

An authentication type can use multiple authentication methods.

Authentication Methods in SharePoint

1. Claims-based authentication

Claims-based identity simplifies authentication logic by separating it from the application and moving it to an identity provider; the application consumes the claims it is handed instead of checking credentials itself.

All of the claims for a specific user are contained in a security token: the complete set of claims about that user, in digital form.

The following describes how claims-based authentication works:

  1. The user requests access to the application or service.
  2. The application or service asks the Security Token Service (STS) for a token for that user.
  3. The STS authenticates the user (for example, with a password, a smart card or a biometric scan).
  4. The STS generates the token.
  5. The STS digitally signs the token, and the signature becomes part of the token.
  6. The STS returns the token to the application or service that requested it.
  7. The application verifies that the signature is valid and that it was made by an STS the application trusts (each application keeps its own list of trusted STSs).
  8. The application processes the claims in the token to decide whether the user may access the service or application, and with what level of access.
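To make steps 4 to 8 concrete, here is an added example that is not from the original article and not SharePoint's own code: a PowerShell simulation of the exchange in which one set of functions plays the STS and another plays the application. The STS names, user name, role claims, the token layout (a pipe-separated claim string followed by a base64 RSA signature) and the access rules are all invented for the illustration; a real SharePoint STS issues SAML tokens and the application trusts it by its signing certificate rather than by an exported public key. It needs Windows PowerShell on .NET Framework 4.x.

```powershell
# Added example, not from the original article or from SharePoint itself:
# a simulation of the claims-based exchange. The STS names, user, roles, token
# layout and access rules are all invented for the illustration.
# Requires Windows PowerShell on .NET Framework 4.x (RSACryptoServiceProvider).

function New-RsaCsp {
    param([int]$KeySize = 2048)
    # Provider type 24 (PROV_RSA_AES) is required for SHA-256 signatures with
    # RSACryptoServiceProvider; PersistKeyInCsp = $false keeps the demo key
    # out of the machine's key store.
    $csp = New-Object System.Security.Cryptography.CspParameters(24)
    $rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider($KeySize, $csp)
    $rsa.PersistKeyInCsp = $false
    return $rsa
}

# ---- STS side (steps 3 to 6) ----
function New-Sts {
    param([string]$Name)
    return @{ Name = $Name; Key = (New-RsaCsp) }
}

function New-StsToken {
    param($Sts, [string]$User, [string[]]$Roles, [int]$LifetimeMinutes = 10)
    # Step 3 (checking the password, smart card, ...) is assumed to have passed.
    # Step 4: the claim set. The issuer is itself a claim, which is what the
    # application later matches against its trust list.
    $exp    = [DateTime]::UtcNow.AddMinutes($LifetimeMinutes).Ticks
    $claims = "iss=$($Sts.Name)|sub=$User|roles=$($Roles -join ',')|exp=$exp"
    # Step 5: sign the claim string; the signature becomes part of the token.
    $bytes  = [Text.Encoding]::UTF8.GetBytes($claims)
    $sig    = [Convert]::ToBase64String($Sts.Key.SignData($bytes, 'SHA256'))
    # Step 6: hand the token (claims plus signature) back to the caller.
    return "$claims`n$sig"
}

# ---- Application side (steps 7 and 8) ----
function New-TrustList {
    param([object[]]$TrustedSts)
    # The application keeps only the public half of each trusted STS's signing
    # key (the equivalent of the STS's trust certificate), keyed by STS name.
    $trust = @{}
    foreach ($sts in $TrustedSts) {
        $pub = New-RsaCsp
        $pub.FromXmlString($sts.Key.ToXmlString($false))   # $false = public key only
        $trust[$sts.Name] = $pub
    }
    return $trust
}

function Test-Token {
    param([string]$Token, [hashtable]$TrustList)
    $parts = $Token -split "`n", 2
    if ($parts.Count -ne 2) { return @{ Valid = $false; Reason = 'malformed token' } }
    $claims = @{}
    foreach ($pair in ($parts[0] -split '\|')) {
        $kv = $pair -split '=', 2
        if ($kv.Count -eq 2) { $claims[$kv[0]] = $kv[1] }
    }
    # Step 7, part 1: is the issuer one of the STSs this application trusts?
    # An unknown issuer is rejected before its signature is even examined.
    $issuer = $claims['iss']
    if (-not $issuer -or -not $TrustList.ContainsKey($issuer)) {
        return @{ Valid = $false; Reason = 'untrusted issuer' }
    }
    # Step 7, part 2: does the signature verify under that issuer's public key?
    # Any edit to the claim string (roles, subject, issuer name) breaks it.
    $bytes = [Text.Encoding]::UTF8.GetBytes($parts[0])
    try { $sig = [Convert]::FromBase64String($parts[1]) }
    catch { return @{ Valid = $false; Reason = 'bad signature' } }
    if (-not $TrustList[$issuer].VerifyData($bytes, 'SHA256', $sig)) {
        return @{ Valid = $false; Reason = 'bad signature' }
    }
    if ([long]$claims['exp'] -lt [DateTime]::UtcNow.Ticks) {
        return @{ Valid = $false; Reason = 'expired' }
    }
    return @{ Valid = $true; Claims = $claims }
}

function Get-AccessLevel {
    param([hashtable]$Verdict)
    # Step 8: the access decision is made from the claims alone; the
    # application never sees the user's credentials.
    if (-not $Verdict.Valid) { return "denied ($($Verdict.Reason))" }
    $roles = $Verdict.Claims['roles'] -split ','
    if ($roles -contains 'SiteOwner') { return 'full control' }
    if ($roles -contains 'Visitor')   { return 'read' }
    return 'denied (no matching role claim)'
}

# ---- Demo: one STS the application trusts, one it does not ----
$contoso = New-Sts -Name 'sts.contoso.local'
$rogue   = New-Sts -Name 'sts.attacker.example'
$trust   = New-TrustList -TrustedSts @($contoso)

$tokens = [ordered]@{
    'trusted token'       = New-StsToken -Sts $contoso -User 'alice' -Roles 'Visitor'
    'untrusted STS'       = New-StsToken -Sts $rogue   -User 'alice' -Roles 'SiteOwner'
    'edited role claim'   = (New-StsToken -Sts $contoso -User 'alice' -Roles 'Visitor') -replace 'roles=Visitor', 'roles=SiteOwner'
    'spoofed issuer name' = (New-StsToken -Sts $rogue   -User 'alice' -Roles 'SiteOwner') -replace 'iss=sts\.attacker\.example', 'iss=sts.contoso.local'
}
foreach ($case in $tokens.Keys) {
    '{0,-20} -> {1}' -f $case, (Get-AccessLevel (Test-Token -Token $tokens[$case] -TrustList $trust))
}
```

The order of the checks in Test-Token is the point of step 7: the issuer is looked up first, so a token from an STS the application does not trust is dropped before its signature is examined, and the signature covers the whole claim string, so promoting the role claim or rewriting the issuer name to a trusted one invalidates it. Only the untampered token from the trusted STS reaches step 8 and is given an access level from its role claim.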


For more information about claims-based authentication, see the following resources:

2. Classic Mode authentication

Classic mode authentication supports Windows authentication only; forms-based and SAML-based authentication cannot be used with classic mode.

It uses the Windows user account directly to authenticate the user to SharePoint resources.

Classic mode authentication, also known as Windows classic authentication, is discouraged in SharePoint 2013: web applications can be created or configured for classic mode only with Windows PowerShell, not from Central Administration. An existing classic mode web application can be migrated to claims-based authentication, but the migration cannot be reversed.
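As an added example (not from the original article), this is the PowerShell a SharePoint 2013 administrator would use to find web applications still in classic mode, create a new one the recommended claims-based way, and see the classic-mode form beside it. Web application names, URLs, application pool names and service accounts are placeholders; the cmdlets and parameters are SharePoint 2013's own, except that the exact parameter set of Convert-SPWebApplication depends on the farm's patch level, so check Get-Help Convert-SPWebApplication on the farm before running it.

```powershell
# Added example, not from the original article: run in the SharePoint 2013
# Management Shell as a farm administrator. Names, URLs and accounts are
# placeholders. Step 1 is read-only; steps 2 to 4 change the farm.

# 1. Inventory: which web applications are still classic mode?
#    UseClaimsAuthentication is $false for classic (Windows-only) web applications.
Get-SPWebApplication |
    Where-Object { -not $_.UseClaimsAuthentication } |
    Select-Object DisplayName, Url

# 2. The recommended form: a claims-based web application with Windows
#    authentication (NTLM) as its provider. This is also the only form
#    Central Administration will create in SharePoint 2013.
$ap = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication -DisableKerberos
New-SPWebApplication -Name "Contoso Intranet" `
    -Url "http://intranet.contoso.local" -Port 80 `
    -ApplicationPool "IntranetAppPool" `
    -ApplicationPoolAccount (Get-SPManagedAccount "CONTOSO\sp_intranet") `
    -AuthenticationProvider $ap

# 3. The discouraged form, for comparison: omitting -AuthenticationProvider and
#    passing -AuthenticationMethod instead creates a classic-mode web
#    application. Nothing in Central Administration exposes this.
# New-SPWebApplication -Name "Legacy App" `
#     -Url "http://legacy.contoso.local" -Port 80 `
#     -ApplicationPool "LegacyAppPool" `
#     -ApplicationPoolAccount (Get-SPManagedAccount "CONTOSO\sp_legacy") `
#     -AuthenticationMethod NTLM

# 4. Migrating an existing classic-mode web application to claims. Permissions
#    are retained, but every Windows identity is rewritten in claims form
#    (CONTOSO\alice becomes i:0#.w|contoso\alice) and the conversion cannot be
#    undone, so rehearse it on a restored copy of the content database first.
#    Later SharePoint 2013 cumulative updates also accept -From Legacy.
# Convert-SPWebApplication -Identity "http://legacy.contoso.local" -To Claims -RetainPermissions
```

Step 1 is the check worth running on any farm you inherit: a web application that shows up there is the one the rest of this article is warning about, and step 4 is the way out of it.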

We are done for now. In Part 2 of this article I'm going to talk about the following authentication types in SharePoint 2013 and the authentication process of each:

  1. Windows Authentication
  2. Forms Based Authentication
  3. SAML token-based Authentication

Diagrams source: Microsoft Technet, Pluralsight