Claims Authentication in SharePoint 2010

Nathan DeWitthttp://nathandewitt.net/

B.A., I need you to get the document from the SharePoint portal. The freedom of the free world depends on it!

I’ll get it done, Hannibal.

Give me this document, fool!I don’t know you. You don’t have a token. You scare me. Can you get someone I trust to tell me who you are?

SharePoint 2010

Typical User

This fool says I scare him! You’re an Identity Provider he trusts. Tell him I’m cool!

Ok, let me go talk to the Secure Token Service and get a token for you.

Identity ProviderTypical User

STS, I need a token so B.A. can access this SharePoint server.

Let me look up his record…Ok, here’s a token where I verify all of these claims.

Identity Provider Secure Token Service

Token

B.A. Baracus•Sgt First Class•US Army Special Forces•Jamaican Defense Force•Silver Star Recipient•Mechanical Genius

Here you go, Mr. Baracus. Took you long enough.

Identity ProviderToken

Typical User

Give me this document, fool! Processing…

SharePoint 2010

Token

Typical User

Ok, now I need to convert this token into a ClaimsIdentity…

Now I will convert the ClaimsIdentity into an SPUser.

Token

ClaimsIdentity Instance

SharePoint 2010 SharePoint 2010

ClaimsIdentity Instance

SPUser

Yup, this scary guy is on the list to access the document.

Here’s your document, Mr. Baracus.Took you long enough.

SharePoint 2010Typical

Document

Typical User

That’s what I’m talking about! I love it when a plan comes together.

Typical Document