Custom Claim-based Authentication with Example & Source Code

Claim-based Identity
  1. This is a new type of authentication and authorization in SharePoint 2010.
  2. A trusted authority (issuer) issues a signed security token containing a set of claims (credentials), which is given to the application for validation. The application authenticates the user if the security token is valid and signed by a trusted issuer.
  3. Applications using this type of authentication do not have to verify all the credentials themselves.
Example Claim Based Authentication
Someone who determines your company's security policy can make those rules and buy or build the issuer. Your application simply receives the equivalent of a boarding pass. No matter what authentication protocol was used, Kerberos, SSL, forms authentication, or something more exotic, the application gets a signed set of claims that has information it needs about the user. This information is in a simple format that the application can use right away.
Geneva framework
Microsoft has created a framework, called Geneva, providing “simplified user access and single sign-on, for on-premises and cloud-based applications in the enterprise, across organizations, and on the Web”.
Geneva has been renamed the Windows Identity Foundation and contains logic for building claims-aware ASP.NET or WCF applications.
The Geneva Server is called Active Directory Federation Services now and “is a security token service (STS) for issuing and transforming claims, enabling federations, and managing user access”. 
Implementation: External claim-based authentication
  1. The user comes to the external site.
  2. The user logs into the site and obtains a security token from there. Clicking that token redirects the user to the STS site. The STS site creates a claim according to the security token and redirects to the SharePoint site. If the user exists, the user is allowed to log in; otherwise an access denied message is displayed. This is achieved using STS (SharePoint Token Services).
  3. In this example I am using "uniqueiD" as the claim.
  4. The source code contains:
    1. Certificate
    2. STS Site
    3. External Site

  1. Create a claim-based web application.
  2. Add the certificate to the server.
  3. Create the claim using PowerShell.
  4. Grant permissions on the certificate.
    1. Be sure to grant rights to the certificate for the app pool running the web service.
    2. Open MMC and add the Certificates snap-in.
    3. Local machine, personal certificates.
    4. Right-click, All Tasks.
    5. Manage private keys.
    6. Add the app pool account.
  5. Host the "STS" site.
    1. Change the framework from 2.0 to 4.0.
    2. The SharePoint site and the STS site use the same identity pool user.
  6. Create the external site that will generate the token.
  7. Apply the token to the SharePoint site.
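As an added example (not the post's own source code), this is what the "create the claim using PowerShell" step looks like for the "uniqueiD" claim on a SharePoint 2010 farm: the STS signing certificate is registered as a trusted root, the incoming claim is mapped, and the external STS is registered as a trusted identity token issuer. The certificate path, claim-type URI, realm, issuer name and sign-in URL are assumed placeholders.

```powershell
# Added example, not the post's own source code. All paths, names and URLs below are assumed placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Public signing certificate (.cer) exported from the STS site; the private key stays on the STS host.
$certPath = "C:\certs\sts-signing.cer"   # assumed path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)

# SharePoint only accepts tokens whose signature chains to a trusted root authority.
New-SPTrustedRootAuthority -Name "Custom STS Signing Certificate" -Certificate $cert

# Map the incoming "uniqueiD" claim. The claim-type URI must match exactly what the STS emits (assumed URI).
$uniqueIdClaimType = "http://schemas.example.local/claims/uniqueid"
$mapping = New-SPClaimTypeMapping -IncomingClaimType $uniqueIdClaimType `
                                  -IncomingClaimTypeDisplayName "uniqueiD" `
                                  -SameAsIncoming

# Register the external STS as a trusted identity provider.
# The realm is the audience the STS writes into the token; a token for a different realm is rejected.
$issuer = New-SPTrustedIdentityTokenIssuer -Name "Custom STS" `
    -Description "External claims provider" `
    -Realm "urn:sharepoint:customsts" `
    -ImportTrustCertificate $cert `
    -ClaimsMappings $mapping `
    -SignInUrl "https://sts.example.local/Login.aspx" `
    -IdentifierClaim $mapping.InputClaimType

# Check: the issuer should be listed with the uniqueiD identifier claim and the expected certificate thumbprint.
Get-SPTrustedIdentityTokenIssuer -Identity "Custom STS" |
    Select-Object Name, IdentifierClaim, @{ n = "Thumbprint"; e = { $_.SigningCertificate.Thumbprint } }
```

The issuer still has to be enabled on the claims-based web application (Central Administration > Authentication Providers) before users can sign in through it.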

Please email me your email ID so I can share this video with you.

Claim based Authentication External System Part 1

Claim based Authentication External System Part 2

Source Code


  1. Hi, your attached YouTube video says "this video is private".

  2. Please share videos to

    1. Please share videos to

  3. Please share to

  4. Please share videos to sharique4[at]

  5. Please share videos to

