
Custom Claim-based Authentication with Example & Source Code


Claim-based Identity
  1. This is the new type of authentication and authorization introduced in SharePoint 2010.
  2. A trusted authority (issuer) issues a signed security token containing a set of claims (credentials), which is given to the application for validation. The application authenticates the user if the security token is valid and signed by a trusted issuer.
  3. Applications using this type of authentication do not have to verify the user's credentials themselves; they only validate the token.
Example Claim Based Authentication
Someone who determines your company's security policy can make those rules and buy or build the issuer. Your application simply receives the equivalent of a boarding pass. No matter what authentication protocol was used, Kerberos, SSL, forms authentication, or something more exotic, the application gets a signed set of claims that has information it needs about the user. This information is in a simple format that the application can use right away.
Geneva framework
Microsoft has created a framework, called Geneva, providing “simplified user access and single sign-on, for on-premises and cloud-based applications in the enterprise, across organizations, and on the Web”.
Geneva has been renamed the Windows Identity Foundation and contains logic for building claims-aware ASP.NET or WCF applications.
The Geneva Server is now called Active Directory Federation Services and “is a security token service (STS) for issuing and transforming claims, enabling federations, and managing user access”.
Implementation: External claim-based authentication
  1. The user comes to the external site.
  2. The user logs into the external site and gets a security token there. Clicking that token redirects the user to the STS site. The STS site creates a claim from the security token and redirects the user to the SharePoint site. If the user exists, the user is allowed to log in; otherwise an access denied message is displayed. This is achieved using STS (SharePoint Token Services).
  3. In this example I am using “uniqueiD” as a claim.
  4. The source code contains:
    1. Certificate
    2. STS site
    3. External site
Steps
  1. Creating Claim based Web Application.
  2. Add certificate to server.
  3. Creating Claim using Power Shell.
  4. Grant permissions on the certificate.
    1. Be sure to grant rights to the certificate for the App Pool running the web service
    2. MMC, add certificates snap-in
    3. Local machine, personal certificates
    4. Right-click, all tasks
    5. Manage private keys
    6. Add app pool account 
  5. Host the “STS” site.
    1. Change the framework from 2.0 to 4.0.
    2. The SharePoint site and the STS site must run under the same application pool identity user.
  6. Create external Site that will generate the token.
  7. Apply token to SharePoint Site.
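The following is an added example (not the author's source code) of the PowerShell side of steps 2 to 7: registering the STS signing certificate and the “uniqueiD” claim with SharePoint 2010 so that only tokens signed by that STS are accepted. The certificate path, claim URI, realm and sign-in URL are assumed placeholders.

```powershell
# Added example, not from the original post: run in the SharePoint 2010 Management Shell.
# All paths, URLs and names below are assumed placeholders for this walkthrough.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# 1. The STS signing certificate (public part only). SharePoint accepts a token only
#    if it is signed by a certificate registered as a trusted root authority, so this
#    file must come from the STS you actually control, not from an untrusted source.
$certPath = "C:\certs\sts-signing.cer"   # assumed path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
New-SPTrustedRootAuthority -Name "External STS Signing Cert" -Certificate $cert

# 2. Map the incoming claim. SharePoint identifies the user by the identifier claim,
#    so "uniqueiD" must be unique per user and issuable only by the trusted STS.
$uniqueIdClaim = "http://schemas.example.com/claims/uniqueiD"   # assumed claim URI
$map = New-SPClaimTypeMapping -IncomingClaimType $uniqueIdClaim `
        -IncomingClaimTypeDisplayName "uniqueiD" -SameAsIncoming

# 3. Register the issuer. The realm must match the audience the STS writes into the
#    token; the sign-in URL is where unauthenticated users are redirected (step 7).
$realm     = "urn:sharepoint:claimsdemo"            # assumed
$signInUrl = "https://sts.example.com/Login.aspx"   # assumed
New-SPTrustedIdentityTokenIssuer -Name "External STS" `
    -Description "Custom claim-based provider" `
    -Realm $realm -ImportTrustCertificate $cert `
    -ClaimsMappings $map -SignInUrl $signInUrl `
    -IdentifierClaim $map.InputClaimType

# 4. Check what was registered before enabling the provider on the web application
#    (Central Administration -> Manage web applications -> Authentication Providers).
Get-SPTrustedIdentityTokenIssuer -Identity "External STS" |
    Select-Object Name, Realm, IdentifierClaim

# Note: on the STS host the private key of this certificate must be readable by the
# application pool account (MMC -> Manage Private Keys, step 4 above); otherwise
# token signing fails with "Key set does not exist".
```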

Please email me your email ID so I can share this video with you.

Claim based Authentication External System Part 1



Claim based Authentication External System Part 2



Source Code

Comments

  1. Hi, your attached youtube video says "this video is private"
  2. Please share videos to ragava28@gmail.com
     Reply: Please share videos to somasekhar.akiri@gmail.com
  3. Please share to royfr67@hotmail.com
  4. Please share videos to sharique4[at]gmail.com
  5. Please share videos to somasekhar.akiri@gmail.com
