Leverage and Extend Claims based identity in SharePoint 2010

Windows Identity Foundation (WIF) is the platform on which SharePoint 2010 claims authentication is based. WIF, which is fully supported in SharePoint 2010, ADFS 2.0, ASP.NET, Windows Communication Foundation (WCF), and any other .NET application you care to develop, provides the infrastructure necessary to generate, transmit, and process claims-based identity in a simple and straightforward manner. It removes the roadblocks imposed by legacy authentication schemes like NTLM and Kerberos and puts control directly into the hands of developers, users, and IT security professionals. Long story short, it is a framework written to help solve the identity issues common in cloud computing and service-oriented architecture.

The idea of claims-based identity is one that many people are willing to try. Getting accurate information out to the public, though, does take time.

The important point is that this is based on industry standards. Many different entities are on board along with Microsoft in this matter. The digital world continues to give us new opportunities, and those involved believe that this will help all of us to get the most out of it. There is a strong foundation in place to continue building upon. AD FS v2, CardSpace, and Windows Identity Foundation are all important pieces of this puzzle.

As a demonstration of these capabilities, I'll show how SharePoint 2010, WCF, and WIF can be put together to solve the identity delegation problem. In part 1 of this demo session, I start by establishing the trust relationship between ADFS 2.0 and SharePoint with PowerShell and demonstrate how the claims get into SharePoint. Then we build and deploy a claims viewer Web Part with the WIF programming model. In part 2, we start with a web service that is front-ending line-of-business information stored in a SQL database. Then we configure it to use WIF to request the calling user's claims from SharePoint and process the token so that authorization decisions can be made. Finally, we surface this information in SharePoint 2010 as an External Content Type using Business Connectivity Services (BCS).
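The part 1 step of registering ADFS 2.0 as a trusted identity provider, written out as an added PowerShell example for this post rather than the script shipped with the session download. The certificate path, realm, sign-in URL, and issuer names are placeholders; the cmdlets are the standard SharePoint 2010 ones.

```powershell
# Added example (not the post's own script): register ADFS 2.0 as a trusted
# identity token issuer in SharePoint 2010 and map the incoming claims.
# All names, URLs and the certificate path below are placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$certPath  = "C:\certs\adfs-token-signing.cer"      # assumed: exported ADFS token-signing cert (public key only)
$realm     = "urn:sharepoint:intranet"               # assumed: realm of the relying party trust defined in ADFS
$signInUrl = "https://adfs.contoso.local/adfs/ls/"   # assumed: ADFS passive (WS-Federation) endpoint

# SharePoint validates the signature on every incoming SAML token against this
# certificate, so the trust boundary is exactly the certificate you import here.
# Only the public key is required; never import the ADFS private key.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
New-SPTrustedRootAuthority -Name "ADFS Token Signing" -Certificate $cert

# Claim mappings decide which incoming claim types SharePoint accepts and how
# they are displayed. Claims that are not mapped are dropped at the boundary.
$emailMap = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" `
    -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$roleMap = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" `
    -IncomingClaimTypeDisplayName "Role" -SameAsIncoming

# The identifier claim becomes the user's identity in SharePoint permissions,
# so it must be unique per user and stable over time (email address is used
# here purely for the demo).
New-SPTrustedIdentityTokenIssuer -Name "ADFS 2.0" `
    -Description "ADFS 2.0 via WS-Federation" `
    -Realm $realm `
    -ImportTrustCertificate $cert `
    -ClaimsMappings $emailMap, $roleMap `
    -SignInUrl $signInUrl `
    -IdentifierClaim $emailMap.InputClaimType

# Tear-down counterpart to the post's "remove identity provider" script.
# The issuer must first be detached from any web application that uses it;
# otherwise SharePoint refuses to delete it because it is still in use.
function Remove-DemoIdentityProvider {
    Remove-SPTrustedIdentityTokenIssuer -Identity "ADFS 2.0" -Confirm:$false
    Remove-SPTrustedRootAuthority -Identity "ADFS Token Signing" -Confirm:$false
}
```

After running the registration, the new provider appears under the web application's authentication providers in Central Administration, where it still has to be enabled for the zone that users sign in through.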

This session was presented at SharePoint Saturday Melbourne 2010 in Oct 2010 and at the MOSSIG user group in Nov 2010.


Click here to view a recorded screencast of this session.

The slide deck of this session is shared here.

The SharePoint Claims Viewer Visual Web Part VS2010 solution, the claims-based WCF Service VS2010 solution, and the necessary PowerShell scripts to add and remove an identity provider in SharePoint 2010 can be downloaded from here.

I encourage you to look at the following links for further information about this topic.

One Comment on “Leverage and Extend Claims based identity in SharePoint 2010”

  1. Mahesh says:

    Very informative screencast. I have a different requirement and I am not sure whether it would be possible to implement with the rights I have in SharePoint. I am a Site Collection admin (with no rights on the farm itself). Permissions are set up on my site so that all users (using an AD group called all_employees) can access the site. However, I would like to protect some libraries on the site by checking a certain claim in the token that is returned after authentication. The claim 'empType' can have a value of 'fulltime' or 'hourly'. If the claim 'empType' value is 'fulltime', the user should be authorised to view the library, else NO. How do I implement such a requirement?

