SharePoint24x7 It's all about SharePoint.

17 Jul 2013

Article – Authentication Improvements in SharePoint 2013

Posted by Joy

Authentication is the process that verifies the identity of a user accessing a web application. It tells the web application "who you are". We need to specify the authentication method when we create a new web application. In SharePoint 2010, it was recommended to use Windows Classic-mode authentication when creating a new web application. Claims-based authentication was not recommended, since some features, such as People Picker and SQL Server Reporting Services, were not claims-aware in SharePoint 2010.

In SharePoint 2013, Windows Classic-mode authentication is deprecated and no longer recommended. Instead, it is recommended to use Claims-based authentication when creating a new web application. Don't worry, this is the only option you will see in the Central Administration site when creating a new web application. However, SharePoint 2013 still supports creating a web application with Windows Classic-mode authentication using Windows PowerShell; keep in mind that this is NOT recommended.

The following Claims-based authentication modes are available in SharePoint 2013:

  • Windows claims
  • Security Assertion Markup Language (SAML)-based claims
  • Forms-based authentication claims

SharePoint 2013 introduces several enhancements to the authentication engine by extending SharePoint Claims-based authentication via OAuth 2.0 (Open Authorization 2.0). OAuth is an industry-standard protocol that provides temporary, redirection-based authorization.

The following are the key improvements in the Claims infrastructure in SharePoint 2013:

  • Easy migration to Windows-based claims – when migrating from SharePoint 2010 to SharePoint 2013, the Convert-SPWebApplication PowerShell cmdlet helps us easily migrate SharePoint 2010 Windows-based claims into SharePoint 2013
  • Login tokens are cached in the Distributed Cache Service
  • Better logging support – makes troubleshooting authentication-related issues much easier, as it logs a lot of authentication-related events
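
Because classic-mode web applications can still be created from PowerShell, it is worth checking a farm for any that remain before relying on Convert-SPWebApplication. The script below is an added example, not code from the original post: it lists every web application and zone with its authentication mode and flags the classic-mode ones. It assumes the SharePoint 2013 Management Shell and a farm administrator account, and the conversion line is left commented out because its parameter set should be confirmed on your build.

```powershell
# Added example: audit a SharePoint 2013 farm for classic-mode web applications.
# Assumption: run on a farm server by an account with farm administrator rights.
if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

# One row per web application and zone, with the settings that matter for review.
$report = foreach ($wa in Get-SPWebApplication) {
    foreach ($zone in $wa.IisSettings.Keys) {
        $iis = $wa.IisSettings[$zone]
        $mode = if ($wa.UseClaimsAuthentication) { 'Claims' } else { 'Classic' }
        $providers = ($iis.ClaimsAuthenticationProviders |
            ForEach-Object { $_.DisplayName }) -join ', '

        New-Object PSObject -Property @{
            Url       = $wa.Url
            Zone      = $zone
            Mode      = $mode
            Providers = $providers          # empty for classic-mode web applications
            Anonymous = $iis.AllowAnonymous
            BasicAuth = $iis.UseBasicAuthentication
        }
    }
}

$report | Sort-Object Url, Zone |
    Format-Table Url, Zone, Mode, Providers, Anonymous, BasicAuth -AutoSize

# Flag each classic-mode web application once, regardless of how many zones it has.
$classic = $report | Where-Object { $_.Mode -eq 'Classic' } |
    Select-Object -ExpandProperty Url -Unique

foreach ($url in $classic) {
    Write-Warning "Classic-mode web application found: $url"
    # Converting to claims changes how users are identified, so test it on a
    # copy of the farm first. Confirm the parameters for your build with
    # Get-Help Convert-SPWebApplication -Full before uncommenting:
    # Convert-SPWebApplication -Identity $url -To Claims -RetainPermissions
}

if (-not $classic) {
    Write-Output 'All web applications use claims-based authentication.'
}
```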