This article is an overview of authentication in SharePoint Server.
SharePoint Server requires authentication for the following interactions:
- Users who access on-premises SharePoint resources
- Apps that access on-premises SharePoint resources
- On-premises servers that access on-premises SharePoint resources, or vice versa
User Authentication in SharePoint Server
User authentication is the validation of a particular user’s identity against an authentication provider, which is a directory or database that contains the user’s credentials and can verify that the user submitted them correctly. User authentication occurs when a user attempts to access a SharePoint resource.
SharePoint Server supports claims-based authentication.
The result of a claims-based authentication is a claims-based security token, which the SharePoint Security Token Service (STS) generates.
SharePoint Server supports forms-based, Windows, and Security Assertion Markup Language (SAML)-based claims authentication.
- App authentication is the validation of a remote SharePoint app’s identity and the authorization of the app and an associated user for a request to a secured SharePoint resource.
- App authentication occurs when an external component of a SharePoint Store app or an App Catalog app, such as a web server that is located on the intranet or the Internet, attempts to access a secured SharePoint resource.
- For instance, suppose that a user opens a SharePoint page that contains an IFRAME of a SharePoint app, and that IFRAME needs an external component, such as a server on the Internet or the intranet, to access a secured SharePoint resource in order to render the page.
- The external component of the SharePoint app must be authorized and authenticated so that SharePoint provides the requested information and the app can render the page for the user.
App authentication is a combination of two processes:
- Authentication: Verifying that the application has registered properly with a commonly trusted identity broker
- Authorization: Verifying that the associated user and the application for the request have the appropriate permissions to perform the operation, such as accessing a folder or list or executing a query
To perform app authentication, the application obtains an access token either from the Microsoft Azure ACS (Access Control Service) or by self-signing an access token using a certificate that SharePoint Server trusts.
The access token asserts a request for access to a specific SharePoint resource and contains information that identifies the app and the associated user, instead of the validation of the user’s credentials. The access token is not a logon token.
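The two processes described above, as an added Python example (not SharePoint's or Microsoft's code): a resource-side check over a simplified signed token that first authenticates the issuer, then authorizes both the app and the user. HMAC stands in for the ACS or certificate signature, and the token layout, claim names, issuer names, keys and permission table are constructed assumptions.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data (hypothetical names): trusted issuers with the key used
# to check their signatures, the protected resource, and a permission table.
TRUSTED_ISSUERS = {"acs-broker": b"constructed-key-1", "self-signed-app": b"constructed-key-2"}
RESOURCE = "sharepoint/sites/finance"
PERMISSIONS = {("app-123", "read"), ("alice", "read"), ("alice", "write")}

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(claims, key):
    """Sign claims as a broker or self-signing app would (HMAC stand-in)."""
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())

def check_request(token, operation, now=None):
    """Return 'allow' or a denial reason for an app request on RESOURCE."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        claims, given = json.loads(_unb64(body)), _unb64(sig)
        if not isinstance(claims, dict):
            raise ValueError("claims must be an object")
    except ValueError:
        return "deny: malformed token"
    # Authentication: the token must be signed by an issuer this server trusts.
    key = TRUSTED_ISSUERS.get(claims.get("iss"))
    if key is None:
        return "deny: untrusted issuer"
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        return "deny: bad signature"
    # The token asserts access to one specific resource, for a limited time.
    if claims.get("aud") != RESOURCE:
        return "deny: wrong resource"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return "deny: expired"
    # Authorization: the app AND the associated user both need the permission.
    for principal in (claims.get("app"), claims.get("user")):
        if (principal, operation) not in PERMISSIONS:
            return f"deny: {principal} lacks {operation}"
    return "allow"
```

A request is allowed only when every check passes, so a valid token for a user with write permission is still refused if the app itself was granted read only.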
- Server-to-server authentication is the verification of a server’s request for resources, based on a trust relationship established between the STS of the server that runs SharePoint Server and the STS of another server that supports the OAuth STS protocol, such as on-premises servers running SharePoint Server, Skype for Business 2016, Exchange Server 2016, or Azure Workflow Service, and SharePoint Server running in Office 365.
- Based on this trust relationship, a requesting server can access secured resources on the SharePoint server on behalf of a specified user account, subject to server and user permissions.
- For instance, a server running Exchange Server 2016 can request resources of a server running SharePoint Server for a specific user account.
- When a server running SharePoint Server attempts to access a resource on another server, or another server attempts to access a resource on a server running SharePoint Server, the incoming access request must be properly authenticated so that the server accepts the incoming access request and subsequent data.
- Server-to-server authentication verifies that the server running SharePoint Server and the user whom it is representing are trusted.