Security is very important in a business solution. A user who does not have permission should not be able to view, edit or delete sensitive pages, and a user who does have permission should be able to visit the pages, items or documents.
Authentication: It is the process of getting the identity of a user. You can authenticate people using the Windows accounts stored in Active Directory. This authentication happens when a user logs in to the computer. Once the user is authenticated, we can retrieve the name as below:
// Requires: using System.Security.Principal;
WindowsIdentity identity = WindowsIdentity.GetCurrent();
string WindowsLoginName = identity.Name;
You can also use forms-based authentication, which is performed by IIS, to authenticate a user.
Another type of authentication mechanism is claims-based authentication, which is performed by a Security Token Service (STS). The benefit of an STS is that it separates authentication from the application, which means authentication can happen in different domains.
In the case of claims-based authentication, you can retrieve the name of the current user using the IClaimsIdentity interface as below:
// Requires: using Microsoft.IdentityModel.Claims;
IClaimsIdentity claimsUser = (IClaimsIdentity)Page.User.Identity;
string claimsCurrentUserName = claimsUser.Name;
SharePoint does not perform any authentication on its own. It depends on IIS or an STS for its authentication.
If it is configured in classic mode, SharePoint depends on IIS; if it is configured in claims mode, it depends on the STS.
Once the user is authenticated, it is time for authorization. Authorization is the process of determining what resources are available to an authenticated user. In the case of claims authentication, you can use IClaimsIdentity to check authorization.
Unlike authentication, authorization is done by SharePoint.
SharePoint maintains a user security token, which identifies the authentication mechanism and a list of groups, membership roles for the user, or both. SharePoint is able to read the groups and membership roles of the current user very efficiently at run time by examining this token. The structure of this token varies depending on whether the user is authenticated in Classic Mode or Claims Mode.
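The IClaimsIdentity authorization check mentioned above, as an added example that is not code from the original page. It assumes a console project referencing the WIF 3.5 assembly Microsoft.IdentityModel.dll; the issuer names, role names and the HasRole helper are constructed for illustration, and the sample identity stands in for Page.User.Identity.

```csharp
using System;
using System.Linq;
using Microsoft.IdentityModel.Claims; // WIF 3.5 (Microsoft.IdentityModel.dll)

static class ClaimsAuthorizationExample
{
    // Constructed issuer name for this example; use the name of the STS you trust.
    const string TrustedIssuer = "ExampleSTS";

    // Hypothetical helper: true only if an authenticated identity carries a role
    // claim with the requested value AND that claim was issued by the trusted STS.
    public static bool HasRole(IClaimsIdentity identity, string role)
    {
        if (identity == null || !identity.IsAuthenticated)
            return false;

        return identity.Claims.Any(c =>
            c.ClaimType == ClaimTypes.Role &&
            string.Equals(c.Value, role, StringComparison.OrdinalIgnoreCase) &&
            string.Equals(c.Issuer, TrustedIssuer, StringComparison.Ordinal));
    }

    static void Main()
    {
        // Constructed sample identity, standing in for Page.User.Identity.
        var user = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, "CONTOSO\\alice", ClaimValueTypes.String, TrustedIssuer),
            new Claim(ClaimTypes.Role, "Approvers", ClaimValueTypes.String, TrustedIssuer),
            // A role claim from an issuer we do not trust; it must not grant access.
            new Claim(ClaimTypes.Role, "Administrators", ClaimValueTypes.String, "OtherSTS"),
        }, "Federation");

        // List every claim in the token together with the issuer that asserted it.
        foreach (Claim c in user.Claims)
            Console.WriteLine("{0} = {1} (issuer: {2})", c.ClaimType, c.Value, c.Issuer);

        Console.WriteLine(HasRole(user, "Approvers"));                 // trusted issuer
        Console.WriteLine(HasRole(user, "Administrators"));            // untrusted issuer
        Console.WriteLine(HasRole(new ClaimsIdentity(), "Approvers")); // no claims at all
    }
}
```

Checking the issuer as well as the claim type and value matters because a claim is only as trustworthy as the STS that asserted it.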
If your web.config has the entry <identity impersonate="true" />, then SharePoint tells the ASP.NET runtime to process all requests under the Windows security context of the current user.
The Windows security context takes the identity of the IUSR_MACHINENAME account.