
Microsoft Sharepoint 2013 Authentication (part 2) - Configuring a Claims Web Application - Creating a New CBA Application, Configuring an Existing CBA Web Application

12/23/2014 8:05:24 PM

Configuring a Claims Web Application

I demonstrated how to create a new web application in SharePoint 2013. Since all user web applications are CBA applications in SharePoint 2013, I shall summarize the same steps, but provide additional details for the configuration of different authentication methods (NTLM, Membership Provider, etc.). Further, in this section, I shall demonstrate how to make changes to the authentication methods for an existing web application.

Creating a New CBA Application

The following steps create a new claims-based authentication (CBA) web application in SharePoint 2013 through Central Administration.

  1. Open Central Administration.
  2. Click the Manage web application link.
  3. Click the New button in the ribbon.
  4. Under the IIS Web Site section, give the web application a name, port number, host header (optional), and path (default is fine).
  5. Under the Security Configuration, check Allow Anonymous if you intend to make your application available to anonymous users.
  6. Click Use Secure Sockets Layer (SSL) if you have a certificate ready for your application.
  7. Skip the Claims Authentication Types and Sign In Page URL sections (we’ll come back to these in a moment).
  8. Leave the public URL as default, unless you need to change it.
  9. Create a new application pool (unless you wish to reuse one of the existing ones). It is generally good practice to give each web application its own application pool, so you can recycle it without affecting other applications.
  10. In the Database Name and Authentication section, provide a name for the database and credentials for the application to access the content database. I usually leave the credentials blank, in which case SharePoint uses the farm account.
  11. If you have a mirrored failover database server, you may specify it in the Failover Server section.
  12. Select the associated service applications in the Service Application Connections section.
  13. Finally, choose to opt in or out for the Customer Experience Improvement Program.
  14. At this point, we are ready to look more closely at the Claims Authentication Types and Sign In Page URL sections. Scroll back up until you see a dialog like that in Figure 1.


    Figure 1. Claims authentication types

  15. Out of the box, SharePoint supports Windows and Membership Provider authentication types.
  16. Windows Authentication comes in two flavors: NTLM and Kerberos, with NTLM being most typical. Kerberos is a ticket-based authentication system and is recommended by SharePoint. However, using Kerberos requires that you configure the application pool account as NETWORK SERVICE or a domain account configured for Kerberos. In almost all scenarios I have come across, administrators use NTLM.
  17. You should not allow Basic Windows Authentication unless you have a good reason to do so. This option passes passwords in plain text and was the only way to allow Netscape and early non-Microsoft browsers to authenticate with SharePoint. Most modern browsers, including Firefox, support NTLM.
  18. Forms-Based-Authentication (FBA) uses the traditional Membership and Role Provider model to incorporate custom, SQL, or AD authentication with a forms login page.

     Note  Developers should note that custom Membership and Role Provider code now runs under the STS Web Service Application Pool, so SPContext and HttpContext objects may return null.

  19. Check Enable ASP.NET membership and specify either or both Membership and Role providers. Membership providers concern themselves with authentication and users, whereas Role providers expose custom groups.

    The last option in the Claims Authentication Types section is for Trusted Identity Providers. SharePoint allows you to specify an IPSTS as a trusted provider. An IPSTS forwards users to a separate login page to authenticate them, and then returns SAML tokens containing claims. I discuss use of Trusted Identity Providers (specifically ADFS) in the section titled “Federated Authentication.”

  20. The Sign In URL section includes a toggle option to use the default SharePoint sign in page or a custom sign in page you specify.
  21. If you have multiple authentication types selected, the default sign in page shows a drop-down option when you attempt to authenticate (see Figure 2).


    Figure 2. Default Sign In Page, with multiple authentication types
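
The same web application can be created from the SharePoint 2013 Management Shell. The script below is an added example, not part of the original text; the application name, URL, host header, application pool, managed account, database name, and the membership and role provider names are all placeholders, and the FBA providers are assumed to be registered in the relevant web.config files already.

```powershell
# Added example: every name, URL and account below is a placeholder.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Steps 16-17: Windows claims provider using integrated authentication only.
# -UseBasicAuthentication is deliberately omitted, so Basic stays off.
# -DisableKerberos selects NTLM; drop it to negotiate Kerberos instead.
$windows = New-SPAuthenticationProvider `
    -UseWindowsIntegratedAuthentication `
    -DisableKerberos

# Steps 18-19: forms-based authentication (FBA) provider. The names must match
# the membership/role provider entries in web.config (assumed to exist).
$fba = New-SPAuthenticationProvider `
    -ASPNETMembershipProvider 'ExampleMembership' `
    -ASPNETRoleProviderName   'ExampleRoles'

$params = @{
    Name                   = 'Example Claims App'          # step 4
    URL                    = 'https://portal.example.test' # step 8 (public URL)
    Port                   = 443
    HostHeader             = 'portal.example.test'
    SecureSocketsLayer     = $true                         # step 6
    ApplicationPool        = 'ExampleClaimsAppPool'        # step 9
    ApplicationPoolAccount = (Get-SPManagedAccount 'EXAMPLE\svc-sp-portal')
    DatabaseName           = 'WSS_Content_ExamplePortal'   # step 10
    AuthenticationProvider = $windows, $fba                # steps 15-19
}
# Step 5: -AllowAnonymousAccess is left out, so anonymous access stays disabled.
$webApp = New-SPWebApplication @params

# Confirm what was actually configured on the default zone.
Get-SPAuthenticationProvider -WebApplication $webApp -Zone Default |
    Format-List DisplayName, UseWindowsIntegratedAuthentication,
                DisableKerberos, UseBasicAuthentication
```

Because two providers are passed to -AuthenticationProvider, the default sign in page shows the drop-down described in step 21.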

Configuring an Existing CBA Web Application

In this section, we shall configure an existing CBA web application to use claims-aware providers.

  1. Open Central Administration.
  2. Click the Manage web application link.
  3. Select an existing web application in the list shown.
  4. Click the Authentication Providers icon in the ribbon, and SharePoint will display a dialog like that in Figure 3.


    Figure 3. Authentication providers for a web application

  5. The dialog in Figure 3 shows the authentication type assigned to each web application zone in use. In my case I only have one—the default zone. In SharePoint 2010, you had the option of using classic mode or CBA. SharePoint 2013 now insists on CBA, so this is all you should ever see in this dialog.
  6. Click the zone for which you wish to configure CBA.
  7. SharePoint shows a dialog, similar to that which we saw when creating an application (Figure 1), only now with sections to configure the Claims Authentication Types, Anonymous Access, Sign In Page URL, Client Integration, and an option specific to this dialog for Client Object Model Permissions Requirement.
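
To review the same settings across every web application and zone without opening each dialog, the read-only script below lists the authentication providers per zone and flags the options the steps above caution about. It is an added example, not part of the original text; the finding labels are this example's own wording, and it must be run in the SharePoint 2013 Management Shell by a farm administrator.

```powershell
# Added example: read-only audit; it changes nothing in the farm.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$winType   = [Microsoft.SharePoint.Administration.SPWindowsAuthenticationProvider]
$formsType = [Microsoft.SharePoint.Administration.SPFormsAuthenticationProvider]

$claimsApps = Get-SPWebApplication | Where-Object { $_.UseClaimsAuthentication }

$report = foreach ($wa in $claimsApps) {
    foreach ($zone in @($wa.IisSettings.Keys)) {
        $iis   = $wa.IisSettings[$zone]
        $url   = $wa.GetResponseUri($zone)
        $https = $url.Scheme -eq 'https'

        foreach ($p in Get-SPAuthenticationProvider -WebApplication $wa -Zone $zone) {
            $isWindows = $p -is $winType
            $basic     = $isWindows -and $p.UseBasicAuthentication
            $forms     = $p -is $formsType

            $findings = @()
            if ($basic) { $findings += 'Basic authentication enabled' }
            # Basic and FBA both submit the password itself, so they need HTTPS.
            if (($basic -or $forms) -and -not $https) {
                $findings += 'password sent over HTTP'
            }
            if ($iis.AllowAnonymous) { $findings += 'anonymous access allowed' }

            [pscustomobject]@{
                WebApplication = $wa.DisplayName
                Zone           = $zone
                Url            = $url.AbsoluteUri
                Provider       = $p.DisplayName
                ProviderType   = $p.GetType().Name
                Kerberos       = if ($isWindows) { -not $p.DisableKerberos } else { $null }
                Findings       = $findings -join '; '
            }
        }
    }
}

$report | Sort-Object WebApplication, Zone | Format-Table -AutoSize -Wrap
```

A row with an empty Findings column matches the guidance above; anonymous access is reported for review because step 5 of the creation procedure treats it as an intentional choice.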