Friday, December 2, 2016

Claims based Authentication in SharePoint

SharePoint 2013 supports the following authentication mechanisms:
  • Windows classic mode authentication
  • Claims based authentication
  • SAML token based authentication

Windows authentication validates the user through Windows credentials: the Windows user account is used to validate the user against SharePoint resources.

Here I will describe claims based authentication with a membership provider. This mechanism authenticates credentials through a membership provider, which can be backed by:
  • LDAP
  • AD DS
  • SQL databases



1.       Configure FBA in SharePoint.
2.       Open Central Administration and click Application Management -> Manage Web Applications.
3.       Select the “New Web Application” tab from the ribbon.
4.       Under Claims Authentication Types, check “Enable Forms Based Authentication”.
5.       Enter the membership provider name and the role manager name. (These names are used in the config files and when authenticating against the SQL DB.)
6.       Open the three web.config files from IIS: Central Administration, the web application, and the Security Token Service Application.


Locate the web.config file.

Add the membership provider and the role manager, replacing the section names with the provider names you entered while configuring the web application. The membership provider entry holds the names that will be used to connect to the SQL DB.

The same configuration must be applied to the other two web.config files mentioned above.
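The post does not show the web.config entries themselves. The following is an added example (not code from the post) that inserts a SqlMembershipProvider and SqlRoleProvider into a web.config and applies the same change to all three files, skipping entries that already exist. The provider names (FBAMembershipProvider, FBARoleProvider), the connection string name, the file paths and the connection string are assumptions; substitute the names you typed into the “New Web Application” dialog.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Xml.Linq;

// Added example: programmatic web.config edit for FBA. Names and paths below are assumed.
public static class FbaWebConfig
{
    const string MembershipProviderName = "FBAMembershipProvider"; // assumed; must match the web app settings
    const string RoleProviderName       = "FBARoleProvider";       // assumed
    const string ConnectionStringName   = "FBAConnectionString";   // assumed
    const string SystemWebAssembly =
        "System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a";

    // Adds <connectionStrings>, <membership> and <roleManager> entries if they are not
    // already present. Idempotent, so it can be re-run after a product update rewrites the file.
    public static XDocument AddFbaProviders(XDocument config, string sqlConnectionString)
    {
        XElement root = config.Root;

        XElement connectionStrings = EnsureChild(root, "connectionStrings");
        EnsureAdd(connectionStrings, ConnectionStringName, new XElement("add",
            new XAttribute("name", ConnectionStringName),
            new XAttribute("connectionString", sqlConnectionString)));

        XElement systemWeb = EnsureChild(root, "system.web");

        // defaultProvider is deliberately left alone: the web application's web.config
        // points it at SharePoint's own claims provider ("i") and must keep doing so.
        XElement membershipProviders = EnsureChild(EnsureChild(systemWeb, "membership"), "providers");
        EnsureAdd(membershipProviders, MembershipProviderName, new XElement("add",
            new XAttribute("name", MembershipProviderName),
            new XAttribute("type", "System.Web.Security.SqlMembershipProvider, " + SystemWebAssembly),
            new XAttribute("connectionStringName", ConnectionStringName),
            new XAttribute("applicationName", "/"),
            // Hashed is the setting to keep; Clear and Encrypted store recoverable passwords.
            new XAttribute("passwordFormat", "Hashed"),
            new XAttribute("enablePasswordRetrieval", "false"),
            new XAttribute("enablePasswordReset", "true"),
            new XAttribute("requiresQuestionAndAnswer", "false"),
            new XAttribute("requiresUniqueEmail", "true"),
            new XAttribute("minRequiredPasswordLength", "8"),
            new XAttribute("minRequiredNonalphanumericCharacters", "1"),
            new XAttribute("maxInvalidPasswordAttempts", "5"),
            new XAttribute("passwordAttemptWindow", "10")));

        XElement roleManager = EnsureChild(systemWeb, "roleManager");
        roleManager.SetAttributeValue("enabled", "true");
        XElement roleProviders = EnsureChild(roleManager, "providers");
        EnsureAdd(roleProviders, RoleProviderName, new XElement("add",
            new XAttribute("name", RoleProviderName),
            new XAttribute("type", "System.Web.Security.SqlRoleProvider, " + SystemWebAssembly),
            new XAttribute("connectionStringName", ConnectionStringName),
            new XAttribute("applicationName", "/")));

        return config;
    }

    // Quick check that a given web.config carries the provider entry.
    public static bool HasProvider(XDocument config, string sectionName, string providerName)
    {
        return config.Descendants(sectionName)
                     .Elements("providers").Elements("add")
                     .Any(a => (string)a.Attribute("name") == providerName);
    }

    static XElement EnsureChild(XElement parent, string name)
    {
        XElement child = parent.Element(name);
        if (child == null) { child = new XElement(name); parent.Add(child); }
        return child;
    }

    static void EnsureAdd(XElement parent, string name, XElement entry)
    {
        if (!parent.Elements("add").Any(a => (string)a.Attribute("name") == name))
            parent.Add(entry);
    }

    // Apply the edit to the three files the post lists. Paths are placeholders for your farm.
    public static void Main()
    {
        string[] webConfigs =
        {
            @"C:\inetpub\wwwroot\wss\VirtualDirectories\<CENTRAL_ADMIN_PORT>\web.config",   // placeholder
            @"C:\inetpub\wwwroot\wss\VirtualDirectories\<WEB_APP_PORT>\web.config",         // placeholder
            @"<STS_WEB_CONFIG_PATH>"                                                         // placeholder
        };
        string conn = "Server=<SQL_SERVER>;Database=aspnetdb;Integrated Security=SSPI";     // placeholder
        foreach (string path in webConfigs)
        {
            File.Copy(path, path + ".bak", true);           // keep a copy before editing
            XDocument doc = XDocument.Load(path);
            AddFbaProviders(doc, conn).Save(path);
        }
    }
}
```

The connection string uses integrated security on purpose: the application pool identities of the web application, Central Administration and the Security Token Service then need membership to the aspnet_Membership_BasicAccess and aspnet_Roles_BasicAccess roles in the membership database, and no SQL password has to sit in three web.config files.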

The next step is authenticating the user through code.
1.       The ASP.NET membership provider creates the default tables and stored procedures, which are used to validate the user.
2.       The user enters credentials on the site. The following call authenticates the user:
         bool authenticated = SPClaimsUtility.AuthenticateFormsUser(Context.Request.UrlReferrer, userName, this.txtPassword.Text);
3.       Next we authorize the user with the user claims, as below:
         // Read the individual claim values from the signed-in claims identity
         string userRole = Project1.GetUserRole(claimsIdentity);
         string personId = Project1.GetPersonId(claimsIdentity);
         string email = Project1.GetUserEmail(claimsIdentity);
         string displayName = Project1.GetDisplayName(claimsIdentity, Constants.USLocaleInUrl);
         string arabicDisplayName = Project1.GetDisplayName(claimsIdentity, Constants.UAELocaleInUrl);
         string mobileNumber = Project1.GetMobileNumber(claimsIdentity);

         // One of the helpers above: look up a single claim by its claim type
         // (method signature assumed from the call above)
         public static string GetMobileNumber(IClaimsIdentity claimsIdentity)
         {
             if (claimsIdentity != null)
             {
                 Claim mobileClaim = claimsIdentity.Claims.SingleOrDefault(obj => obj.ClaimType == Constants.MobilePhoneClaimType);
                 if (mobileClaim != null)
                 {
                     return mobileClaim.Value;
                 }
             }
             return null;   // no identity or no mobile phone claim
         }
4.       If the user authentication fails, we validate against the SQL DB using the ASP.NET membership provider. The method used is provider.ValidateUser, which checks whether a user with the specified credentials is present in the DB and returns true or false.
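Steps 2 to 4 above fit together as one sign-in and claim-reading helper. The following is an added example, not the post's Project1 code: it performs the SPClaimsUtility.AuthenticateFormsUser call, falls back to provider.ValidateUser only to produce a server-side diagnostic, and reads claims without the SingleOrDefault pitfall. The provider name FBAMembershipProvider is an assumption; the claim type URIs are the standard ones from ClaimTypes, and the types are the Microsoft.IdentityModel.Claims (WIF 3.5) types that SharePoint 2013 code such as the post's uses (on System.Security.Claims the property is Claim.Type rather than Claim.ClaimType).

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Security;
using Microsoft.IdentityModel.Claims;        // IClaimsIdentity, Claim.ClaimType, ClaimTypes
using Microsoft.SharePoint.IdentityModel;    // SPClaimsUtility

// Added example: FBA sign-in and claim reading. Provider name below is assumed.
public static class FbaClaimsHelper
{
    const string ProviderName = "FBAMembershipProvider";                 // assumed; must match web.config
    static readonly string MobilePhoneClaimType = ClaimTypes.MobilePhone; // stands in for Constants.MobilePhoneClaimType

    // Steps 2 and 4: sign the user in; on failure return one generic result to the
    // caller and a more specific reason that only goes to the server log.
    public static bool TrySignIn(HttpContext context, string userName, string password, out string failureForLog)
    {
        failureForLog = null;
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(password))
        {
            failureForLog = "empty credentials";
            return false;
        }

        // Request.Url rather than UrlReferrer: the referrer can be absent or chosen by the
        // client, and SharePoint only needs a URL inside the web application to pick the zone.
        if (SPClaimsUtility.AuthenticateFormsUser(context.Request.Url, userName, password))
            return true;   // SharePoint has now issued the FedAuth cookie

        // Step 4: ask the membership provider directly. This only reports whether the
        // credentials exist in the aspnet DB; it does not sign anyone in.
        MembershipProvider provider = Membership.Providers[ProviderName];
        if (provider == null)
            failureForLog = "provider '" + ProviderName + "' not configured in web.config";
        else if (provider.ValidateUser(userName, password))
            failureForLog = "credentials valid in DB but claims sign-in failed (check the STS web.config)";
        else
            failureForLog = "invalid credentials or locked-out user";
        return false;
    }

    // Step 3: read one claim. FirstOrDefault, not SingleOrDefault: an identity may carry the
    // same claim type more than once and SingleOrDefault throws in that case.
    public static string GetClaimValue(IClaimsIdentity identity, string claimType)
    {
        if (identity == null || string.IsNullOrEmpty(claimType)) return null;
        Claim claim = identity.Claims.FirstOrDefault(
            c => string.Equals(c.ClaimType, claimType, StringComparison.OrdinalIgnoreCase));
        return claim == null ? null : claim.Value;
    }

    public static string GetUserEmail(IClaimsIdentity identity)
    {
        return GetClaimValue(identity, ClaimTypes.Email);
    }

    public static string GetMobileNumber(IClaimsIdentity identity)
    {
        return GetClaimValue(identity, MobilePhoneClaimType);
    }

    // Role claims are multi-valued; collect all of them instead of taking the first.
    public static IList<string> GetUserRoles(IClaimsIdentity identity)
    {
        if (identity == null) return new string[0];
        return identity.Claims
            .Where(c => c.ClaimType == ClaimTypes.Role)
            .Select(c => c.Value)
            .Distinct(StringComparer.OrdinalIgnoreCase)
            .ToList();
    }

    // Authorization decisions come from the claims SharePoint issued, never from
    // values posted by the client.
    public static bool IsInRole(IClaimsIdentity identity, string role)
    {
        return GetUserRoles(identity).Contains(role, StringComparer.OrdinalIgnoreCase);
    }

    // Typical call site in a page or web part.
    public static IClaimsIdentity CurrentIdentity()
    {
        return HttpContext.Current == null
            ? null
            : HttpContext.Current.User.Identity as IClaimsIdentity;
    }
}
```

AuthenticateFormsUser already calls the configured provider's ValidateUser before asking the Security Token Service for a token, so the "valid in DB but sign-in failed" branch usually means the provider entry is missing from the STS web.config rather than a credential problem. Each ValidateUser call also counts toward the provider's maxInvalidPasswordAttempts, which is why the fallback is logged rather than shown to the user.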

        






