In The Mix

As a SharePoint architect I have the business behind me and the Developers and IT Pro on my shoulders.

Authentication in SharePoint July 10, 2008

Filed under: SharePoint — fmuntean @ 3:00 pm

Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. In private and public computer networks (including the Internet), authentication is commonly done through the use of logon passwords. Knowledge of the password is assumed to guarantee that the user is authentic. Each user registers initially (or is registered by someone else), using an assigned or self-declared password. On each subsequent use, the user must know and use the previously declared password. The weakness in this system for transactions that are significant (such as the exchange of money) is that passwords can often be stolen, accidentally revealed, or forgotten.

Logically, authentication precedes authorization (although they may often seem to be combined).

For SharePoint there are two major types of authentication:


One of the most common types of authentication for an intranet is NTLM, or Windows Authentication. The user information is stored in an Active Directory inside the company, and a dialog is presented to the user for password validation. With this authentication mechanism the user needs to know the domain name, and most of the time he/she does not have an easy way to change the password from SharePoint; however, there are third-party web parts that facilitate the process of resetting the user password.

This method offers the best integration between the client applications and SharePoint.

b. FBA (Form Based Authentication)

Starting with WSS 3.0 / MOSS 2007, a second type of authentication is possible. It is named Form Based Authentication (FBA) because it presents the user with an ASPX page containing a form to fill out with user name and password. This is possible because SharePoint now sits on top of the ASP.NET 2.0 Framework.

The FBA from ASP.NET 2.0 is a pluggable mechanism that allows for easy customization of the user authentication mechanism for any web site.

Code already exists for storing user credentials in SQL Server, in Active Directory using ADAM, and in SharePoint lists. The system can be extended to any other storage by writing code in the form of Membership Providers, which store the user information, and optionally Role Providers, which store the groups.

The most used ones are the AspNetSqlMembershipProvider and AspNetSqlRoleProvider, available out of the box with ASP.NET 2.0, which provide easy configuration of Form Based Authentication using SQL Server as the back-end storage for user information.
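
A web.config fragment for the SQL-backed membership and role providers described above, as an added example that is not from the original post. The connection string, server, database and provider names are assumed, and only the elements to merge into the web application's existing web.config are shown.

```xml
<!-- Added example. Assumed names: connection string "FbaUsers", server "SQLSRV01",
     database "aspnetdb", providers "FbaMembers" / "FbaRoles", applicationName "/". -->
<configuration>
  <connectionStrings>
    <!-- Integrated security: the application pool identity reads the store,
         so no SQL password is kept in this file. -->
    <add name="FbaUsers"
         connectionString="Data Source=SQLSRV01;Initial Catalog=aspnetdb;Integrated Security=SSPI" />
  </connectionStrings>
  <system.web>
    <authentication mode="Forms">
      <!-- requireSSL keeps the ticket cookie off plain HTTP;
           protection="All" encrypts and validates the ticket. -->
      <forms loginUrl="/_layouts/login.aspx" requireSSL="true" protection="All"
             timeout="30" slidingExpiration="true" />
    </authentication>
    <membership defaultProvider="FbaMembers">
      <providers>
        <!-- Hashed passwords cannot be read back, so retrieval must be off;
             "Clear" or "Encrypted" would leave recoverable passwords in SQL. -->
        <add name="FbaMembers"
             type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="FbaUsers"
             applicationName="/"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="true"
             requiresUniqueEmail="true"
             minRequiredPasswordLength="12"
             minRequiredNonalphanumericCharacters="1"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10" />
      </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="FbaRoles">
      <providers>
        <!-- Same applicationName as the membership provider so users and roles line up. -->
        <add name="FbaRoles"
             type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="FbaUsers"
             applicationName="/" />
      </providers>
    </roleManager>
  </system.web>
</configuration>
```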


Why am I showing you a third option now when I previously spoke of only two options for authentication? Because this is the last authentication method that I want to describe, and it is based on FBA.

Delegated Authentication is nothing more than a custom FBA authentication where you use a trusted third party outside the company to store and authenticate the users.

One such authentication provider is Microsoft, whose Windows Live ID API offers Delegated Authentication for ASP.NET 2.0 web sites, thus giving us the possibility of using it for SharePoint too.

By using a trusted external provider for authentication you are not responsible for storing and maintaining the user password inside your system; however, you will still need to give the user a way to enter the necessary information, such as display name, email address, phone number, and any other information that you see fit.


One Response to “Authentication in SharePoint”

  1. seo blog Says:

    This is a really interesting blog post, I have added your blog to my favourites I really like it, keep up the good work!
