SharePoint 2010 and Windows Identity Foundation presentation

There’s a great video on SharePoint 2010 and how it uses Windows Identity Foundation here. http://microsoftpdc.com/Sessions/SVC26  It was delivered by Sesha Mani, Senior Program Manager at Microsoft. I recommend checking it out!

Here are some points:

• In SharePoint 2007 you have three options for authentication, Windows Integrated security (Active Directory), or custom built Role Providers, or the WebSSO method.

• SharePoint 2010 introduces a “claims-based identity” model built with the Windows Identity Framework. In effect this moves much of the identity logic into being provided by the .NET framework, not by SharePoint itself. SharePoint becomes a consumer of WIF’s claims based identity model.

• SharePoint 2010 retains support for the existing identity sources: Active Directory, LDAP, MS SQL Server and WebSSO.

• Windows Identity Foundation is a framework for building claims-based applications, and also for producing services that provide identity information (Security Token Service, STS). Microsoft calls this being claims-aware. It provides support for both ASP.NET and Windows Communication Foundation (WCF) developers. The WS-Federation standard is used for ASP.NET, and WS-Trust is used for WCF.

• New to SharePoint 2010 is the ability to use multiple authentication methods with the one web application. In SharePoint 2007 it was necessary to use “extended web applications” with different URLs. SharePoint 2010’s web application administration pages allow the user to pick multiple models.

• Claims based identity is used across all SharePoint server roles, Web front end, shared service applications, and database.

Implementation

• A number of ASP.NET HTTPModules are used, FederatedAuthentication,  SessionAuthenticaiton, SPWindowsClaimsAuthentication, all within the Microsoft.SharePoint.IdentityModel namespace.

• The web front end servers run a Security Token Service Application. This serves as a Security Token Service which issues a number of claims.