Claim Based Authentication || Part 3

ashishbanga28, 2012-11-14

Hey Friends,

Back with the topic: Claim Based Authentication. The blogs on this topic keep growing too large, and I still feel what I have learned is too little to describe claim-based authentication fully.

For an overview of the previous parts, you can refer to these blogs:

Claim based authentication || Part1

Claim based authentication || Part2

I left off at the description of ADFS and now have to start with the last point:

3) How the package is prepared and brought to the forefront in SharePoint 2010.

Claims-based authentication is built on three components.

WIF (Windows Identity Foundation), also called the “Geneva Framework”, is an application programming interface used to develop claims-enabled applications. It provides a framework that makes an application claims-aware and also lets you create a custom security token service. With the help of WIF, companies, farms and organizations can use a single identity model.

ADFS 2.0, also called “Geneva Server”, is a service that is fully responsible for issuing security tokens through its security token service. To issue tokens it can use AD, LDAP or SQL as the identity and attribute store. It supports both active (WS-Trust) and passive (WS-Federation) modes.

Windows CardSpace 2.0 is a technology for selecting an identity and logging on to a website with that identity in place of a username and password. It is a repository of identities and presents them in the form of information cards.


The main components that can be extracted from the above three are tokens, identity providers, and the Security Token Service (STS).


Steps of the authentication process:

1. When a user browses to a site, the web browser requests a token from the STS. This request is made using the active mode of ADFS (WS-Trust). The request includes the name of the user for whom the token is requested and an identifier that describes the application the user is trying to access.

2. The STS looks up the user's information and verifies it. The information can be stored in any of several sources, e.g. AD, LDAP or MS-SQL. After verifying the user's information, the STS issues a token, which is returned to the browser. The token issued by the STS has been issued by an identity provider, which is responsible for validating the token and the information it carries.

3. Once the browser receives the token, it forwards it to the web application. On the basis of that token, the application verifies the information and confirms that the token originated from a trusted STS (a trusted STS is backed by an identity provider). In this way the user is authenticated.
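The three-step flow above, as an added example that is not from the original post: a toy STS issues a token for one application, and the relying party performs the checks step 3 describes (trusted issuer, intact signature, correct application identifier, validity window). The issuer URLs, application identifier, user names and keys are constructed, and an HMAC over a JSON body stands in for the X.509-signed SAML token that ADFS actually issues.

```python
import hashlib, hmac, json, time

# Constructed trust list: the relying party's copy of each trusted STS signing key.
# A real ADFS 2.0 STS signs SAML tokens with an X.509 certificate; an HMAC over a
# JSON body is a stand-in that keeps this example self-contained and offline.
TRUSTED_STS = {"https://sts.contoso.example/adfs": b"constructed-sts-signing-key"}

def sts_issue_token(issuer, user, app_identifier, claims, key, lifetime=300, now=None):
    """Step 2: the STS issues a signed token scoped to one application (the audience)."""
    now = time.time() if now is None else now
    body = {"issuer": issuer, "subject": user, "audience": app_identifier,
            "claims": claims, "not_before": now, "expires": now + lifetime}
    raw = json.dumps(body, sort_keys=True)
    signature = hmac.new(key, raw.encode(), hashlib.sha256).hexdigest()
    return {"body": raw, "signature": signature}

def rp_validate_token(token, expected_audience, trusted_sts, now=None):
    """Step 3: accept the token only if it is from a trusted STS, unmodified, for us, and current."""
    now = time.time() if now is None else now
    body = json.loads(token["body"])
    key = trusted_sts.get(body.get("issuer"))
    if key is None:
        return None, "issuer is not a trusted STS"
    expected = hmac.new(key, token["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["signature"]):
        return None, "signature does not verify"
    if body.get("audience") != expected_audience:
        return None, "token was issued for a different application"
    if not body["not_before"] <= now < body["expires"]:
        return None, "token is outside its validity window"
    return dict(body["claims"], subject=body["subject"]), "ok"

def demo(now=1_700_000_000):
    """Runs the flow once and shows each check a relying party must not skip."""
    issuer = "https://sts.contoso.example/adfs"
    app = "urn:sharepoint:intranet"  # the application identifier sent in step 1
    token = sts_issue_token(issuer, "alice@contoso.example", app,
                            {"role": "Contributor"}, TRUSTED_STS[issuer], now=now)
    # Same body with the role claim edited after issuance: the signature no longer matches.
    edited = {"body": token["body"].replace("Contributor", "Farm Administrator"),
              "signature": token["signature"]}
    other = sts_issue_token("https://sts.fabrikam.example/adfs", "bob@fabrikam.example", app,
                            {"role": "Contributor"}, b"other-constructed-key", now=now)  # not trusted
    return {
        "valid": rp_validate_token(token, app, TRUSTED_STS, now=now),
        "edited": rp_validate_token(edited, app, TRUSTED_STS, now=now),
        "untrusted_issuer": rp_validate_token(other, app, TRUSTED_STS, now=now),
        "wrong_app": rp_validate_token(token, "urn:sharepoint:extranet", TRUSTED_STS, now=now),
        "expired": rp_validate_token(token, app, TRUSTED_STS, now=now + 3600),
    }
```

Only the first case yields claims; every other case is rejected with the reason the relying party would log.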

Hope I was able to describe the content based on my knowledge and learning.

Feel free to rate and provide feedback if you find the post useful.

Hope this helps.


Filed under: SharePoint2010
