SQL Clone
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in

Claim Based Authentication || Part 2

Hey Friends,

Back with the topic: Claim Based Authentication. To get the over view of part 1 you can refer the blog:

Claim based authentication || part1

I left at the point

foundation for Claim Based Authentication

and have to start with second point

2) What are the services help to work on it.


The topic which was just a one topic in description of MOSS2007 , who knows will become the future. With the Release 2 of Windows 2003 Server, Microsoft released a feature called Active Directory Federation Service (ADFS) or Geneva Server. The objective of ADFS is to resolve the situation How two completely separate organizations share access to web applications like SharePoint without creating local accounts for the user of other organization. Idea which was coming from mind to practical is simple to understand, but the technique beneath is more advanced and I can just provide a brief of it.

The basic idea of ADFS is to make it possible for an organization to use its own user accounts to get access on a remote web application. For example, assume that you have two companies, ABC and XYZ. User B works for XYZ , and he needs access to a SharePoint site in ABC. B talks to the administrator for the site in ABC, which then grants the XYZ\B account access to the requested site.

The magic in this scenario is managed by adding extra servers to your Active Directory domain, one in each organization. The primary ADFS server is referred to as the federation server and hosts the federation service component. Its primary task is to route incoming requests from the Internet to the web site a user is trying to access. It is also responsible for creating a security token that will be passed on to the web application. The process that validates the external user is the ADFS Web Agent, which runs on the SharePoint server or any Web Server.

You can also protect federation server being exposed to the Internet by installing an optional federation proxy server. Just the same reason for what we use MS-ISA Server.

Protocol behind ADFS is standard Security Assertion Mark-up Language (SAML).

Windows Identity Foundation or Geneva Framework

In life we have to access many different websites, and every website require a different username and password. It would be great if we have one identity/claim/authentication to access thing in whole SharePoint farm.

Windows Identity Foundation is an Application programming interface which can be used to develop a claim enabled application.

I will try to cover the 3rd part in next section.

Feel free to Rate and provide feedback if you find post useful

Hope this help


Reference to understand the same has been take from one of Best book of SharePoint 2010 Admin.

Filed under: SharePoint2010


I am Ashish Banga, and I work as a Senior Software Engineer at an IT Company. I have around 4 years of experience in Microsoft Technology, focusing on SharePoint and also on Windows Server. I work as a SharePoint Administrator. I am a B.Tech Graduate and Microsoft Certified Technology Specialist in SharePoint and also ITIL V3 Foundation Certified. I blog about what I face and what I learn, trying to share with all.


Leave a comment on the original post [ashishbanga.wordpress.com, opens in a new window]

Loading comments...