Microsoft SharePoint Authentication and Authorization

Microsoft SharePoint authorization uses SharePoint groups as roles to authorize users. Microsoft SharePoint security does not require sign-in and delegates authentication to the SharePoint server. It retrieves the application user's identity from the SharePoint context (Microsoft.SharePoint.SPContext.Current.Web.CurrentUser) and uses this identity to retrieve the groups of which the user is a member. Microsoft SharePoint authentication can be used only with Microsoft SharePoint Groups authorization.

The SharePoint environment hierarchy consists of these levels:

In SharePoint environments, groups are specific to the site collection. A user may belong to groups in different site collections. A user role is a pairing of site collection and group. For example, if a page is available to members of the group Viewers in the CustomSiteCollection, members of a group Viewers in the root site collection will not be able to see it.

Finally, different web applications can have site collections and groups with similar names. It is possible to configure authentication to be specific to certain web applications or to be common for all web applications. If you want to prevent members of site collections with the same names but in a different web application from viewing particular pages or controls, select roles for specific applications only, and Iron Speed Designer will use the combination of the Web Application’s ID, site collection URL, and group name.

The following special symbols are not allowed in the SharePoint group names:

/, \, ”, ;

These symbols are used as dividers between groups, domains and strings in Iron Speed Designer applications.  If a SharePoint group containing any of these symbols is used to secure a page, it will not be recognized and may lead to a compilation error.
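The scoping and naming rules above can be checked in a few lines of C#. This is an added example, not code from Iron Speed Designer: the RequiredRole and Membership types, the RoleCheck helper, the case-insensitive comparison, and all sample IDs, URLs and group names are assumptions constructed for illustration (C# 9 or later).

```csharp
using System;

// Hypothetical model, not Iron Speed Designer's own types.
public sealed record RequiredRole(Guid? WebApplicationId, string SiteCollectionUrl, string GroupName);
public sealed record Membership(Guid WebApplicationId, string SiteCollectionUrl, string GroupName);

public static class RoleCheck
{
    // Symbols the page lists as not allowed in SharePoint group names.
    // Assumption: the typographic quote on the page stands for the plain double quote, so both are rejected.
    private static readonly char[] Reserved = { '/', '\\', '"', '\u201D', ';' };

    public static bool IsUsableGroupName(string name) =>
        !string.IsNullOrWhiteSpace(name) && name.IndexOfAny(Reserved) < 0;

    // Group and site collection must both match; the web application is compared
    // only when the role is scoped to one (null means "common for all web applications").
    // Assumption: group names and URLs compare case-insensitively.
    public static bool Satisfies(Membership m, RequiredRole r) =>
        string.Equals(m.GroupName, r.GroupName, StringComparison.OrdinalIgnoreCase)
        && string.Equals(m.SiteCollectionUrl.TrimEnd('/'), r.SiteCollectionUrl.TrimEnd('/'),
                         StringComparison.OrdinalIgnoreCase)
        && (r.WebApplicationId is null || r.WebApplicationId == m.WebApplicationId);

    public static void Main()
    {
        // Constructed sample data.
        var appA = new Guid("11111111-1111-1111-1111-111111111111");
        var appB = new Guid("22222222-2222-2222-2222-222222222222");
        var scoped = new RequiredRole(appA, "/sites/CustomSiteCollection", "Viewers");
        var common = scoped with { WebApplicationId = null };

        var memberships = new[]
        {
            new Membership(appA, "/sites/CustomSiteCollection", "Viewers"), // same app, same collection
            new Membership(appA, "/", "Viewers"),                           // root site collection
            new Membership(appB, "/sites/CustomSiteCollection", "Viewers"), // same names, other web application
        };
        foreach (var m in memberships)
            Console.WriteLine($"{m.WebApplicationId:D} {m.SiteCollectionUrl,-28} " +
                              $"scoped={Satisfies(m, scoped)} common={Satisfies(m, common)}");

        // Group names to audit before they are used to secure a page.
        foreach (var name in new[] { "Viewers", "HR/Payroll", "Owners;Admins" })
            Console.WriteLine($"{name,-14} usable={IsUsableGroupName(name)}");
    }
}
```

The third membership is the case to watch: it passes the common role but fails the application-scoped one, which is the difference the per-application setting exists to enforce.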

See Also

Configuring Your System for Application Security

Configuring Microsoft IIS and IIS Express for Application Security

Configuring IIS Express

Active Directory Role Management

Configuring Microsoft Active Directory

Microsoft Authorization Manager (AzMan) Role Management

Configuring Microsoft Authorization Manager (AzMan)

Microsoft SharePoint Authentication and Authorization

Data Transmission Encryption

Configuring Firewall Security

Handling SQL Injection Attacks