
Authentication in SharePoint 2013 learning roadmap

SharePoint 2013

Updated: April 16, 2013

Summary: Use this learning roadmap to build expertise in the authentication technologies in SharePoint 2013.

Applies to:  SharePoint Server 2013 | SharePoint Foundation 2013 

SharePoint 2013 makes it easy for people to work together. SharePoint 2013 enables you and your employees to set up web sites to share information with others, manage documents from start to finish, and publish reports to help everyone make informed decisions. Authentication in SharePoint 2013 defines how users, apps, and servers obtain authenticated access to protected SharePoint resources.

If you are new to authentication in SharePoint 2013, this article can help you identify what you need to learn to develop expertise about authentication methods for SharePoint 2013. It includes prerequisite topics that explain fundamentals about the web infrastructure. Learn about prerequisite technologies first because SharePoint 2013 builds on them and assumes an understanding of the concepts. Afterwards, you can start to learn about authentication in SharePoint 2013 with the resources in the Level 100 (introductory), 200 (intermediate), and 300 (advanced) sections.


We recommend that you read the topics in the order listed.

Prerequisite information

This section contains links to many articles and books that contain background information that will help you fully understand the different authentication methods that SharePoint 2013 supports.

  • Step 1: Learn about the basic, digest, and anonymous methods of authentication for Internet Information Services (IIS).

    In some cases, you might want to use the basic, digest, and anonymous authentication methods for SharePoint web sites. For an explanation of these authentication methods, see IIS Authentication. For configuration steps, see Configuring Authentication in IIS 7.

    Your goal is to understand the use, role, and comparative advantages of the basic, digest, and anonymous methods of authentication for IIS and how to configure them for web sites that IIS hosts.

  • Step 2: Learn about the NTLM authentication method.

    When you use Windows claims or Windows classic user authentication methods, SharePoint 2013 can use the NTLM authentication method. See Microsoft NTLM and NTLM Authentication Scheme for HTTP.

    Your goal is to understand how NTLM works to authenticate user access to web sites.

  • Step 3: Learn about the Kerberos protocol and authentication method.

    When you use Windows claims or Windows classic user authentication methods, SharePoint 2013 can use the Kerberos protocol and authentication method. For the Kerberos protocol, see What Is Kerberos Authentication? and How the Kerberos Version 5 Authentication Protocol Works. For the Kerberos protocol that is used for web authentication, see How Kerberos Works.

    Your goal is to understand how the Kerberos protocol works to authenticate user access to web sites.

  • Step 4: Learn about claims-based authentication.

    We recommend claims-based authentication for user authentication in SharePoint 2013. App authentication and server-to-server authentication require claims-based authentication. See the Claims-based Identity for Windows white paper, An Introduction to Claims, and Claims-Based Architectures.

    Your goal is to understand the following concepts:

    • The benefits of claims-based authentication

    • The components of a claims identity infrastructure: identity provider, security token service, account and attribute store, web-enabled client and server applications, federation provider

    • How claims-based authentication works to authenticate user access to web sites

  • Step 5: Learn about Open Authorization (OAuth).

    SharePoint 2013 uses OAuth for app authentication and server-to-server authentication. See About OAuth, OAuth 2.0 Tutorial, and “Section 1. Introduction” of RFC 6749.

    Your goal is to understand how OAuth provides an authorization mechanism to obtain access to protected resources.

  • Step 6: Learn how to create a public key infrastructure (PKI) with Active Directory Certificate Services (AD CS).

    Some authentication methods require installed digital certificates on servers that run SharePoint 2013. These certificates can be purchased from a third-party certification authority or you can deploy your own PKI. You can deploy your own PKI with AD CS. See Designing a Public Key Infrastructure.

    If you need to use AD CS for your PKI, your goal is to understand how to deploy an AD CS-based PKI and request specific types of certificates from an AD CS server.

  • Step 7: Learn how to configure HTTPS websites with Internet Information Services (IIS).

    Some authentication methods require HTTPS-based communication with servers that run SharePoint 2013 and that use IIS to host their web sites. See How to Set Up SSL on IIS 7.

    Your goal is to understand how to configure certificate bindings and enable HTTPS for web sites that run on IIS.

Level 100

The following documents contain introductory information about authentication in SharePoint 2013.

Level 200

The following content contains intermediate information about authentication in SharePoint 2013.

Level 300

The following content contains advanced information about authentication in SharePoint 2013.

  • Step 1: Learn how to create custom claims providers for SharePoint 2013.

    See Claims Walkthrough: Writing Claims Providers for SharePoint 2010.

    Note: Although this article is for SharePoint 2010, the content also applies to SharePoint 2013.

    Your goal is to understand how to augment claims and provide name resolution in a custom claims provider for SharePoint 2013.

  • Step 2: Understand claims-based user authentication processes in SharePoint 2013.

    See the "Overview of Advanced Claims-Based Authentication Scenarios" section in Claims Architecture and Scenarios for SharePoint 2010 Developers.

    Your goal is to understand the high-level architecture for claims-based user authentication in SharePoint and the detailed processes for Windows, forms-based, and SAML-based claims authentication.

  • Step 3: Understand the browser interaction for claims-based user authentication in SharePoint 2013.

    See Appendix B of A Guide to Claims-Based Identity and Access Control (Second Edition).

    Your goal is to understand the set of messages and their contents for various types of claims-based user authentication.

Ongoing learning

  • Share-n-dipity blog.

    See Share-n-dipity.

    Your goal is to keep up-to-date with Microsoft Principal Consultant Steve Peschka, a leading expert in SharePoint authentication issues.

Additional Resources

Feedback

Your feedback is valuable and welcome! Please rate this content by using the Did you find this helpful section at the bottom of the article, or send your comments and suggestions to SharePoint IT Documentation Feedback (itspdocs@microsoft.com). The author will review your comments and use them to help improve this documentation. Your e-mail address won't be saved or used for any other purposes.

Change History

  • April 16, 2013: Added the new user authentication process and test lab guide overview videos.

  • February 5, 2013: Initial publication

© 2014 Microsoft