Iron Speed Designer Help
 

Microsoft SharePoint Authentication and Authorization

Microsoft SharePoint authorization uses SharePoint groups as roles to authorize users.  Microsoft SharePoint security does not require sign-in; it delegates authentication to the SharePoint server.  It retrieves the application user's identity from the SharePoint context (Microsoft.SharePoint.SPContext.Current.Web.CurrentUser) and uses this identity to retrieve the groups of which the user is a member.  Microsoft SharePoint authentication can be used only with Microsoft SharePoint Groups authorization.

The SharePoint environment hierarchy consists of these levels:

  • SharePoint Farm.  Can include one or more servers, which might have dedicated tasks, but it always includes at least one content server with a content database.

  • SharePoint content server – has a content database. Contains at least one web application and can contain more.

  • SharePoint Web Application.  This is the application to which the user navigates.  It has a corresponding virtual folder in Microsoft IIS which is mapped to the subfolder of <root>:\Inetpub\wwwroot\wss\VirtualDirectories and has a basic web application structure with such elements as Web.config, \bin folder, resources, themes, etc. It can contain Site collections.

  • SharePoint Site collection – entry in the content database with its own administrators and settings such as theme, lists, features activated, etc.  It also has groups and people specified with basic permissions assigned. Each site collection can contain one or more sites.

  • SharePoint site – in a nutshell this is a single web page saved in the database and rendered when requested. Sites are created by users and implement different functionality.

In SharePoint environments, groups are specific to the Site Collection.  A user may belong to groups in different site collections.  A user role is a pairing of site collection and group.  For example, if a page is available to members of the group Viewers in the CustomSiteCollection, members of a group Viewers in the root site collection will not be able to see it.

Finally, different web applications can have site collections and groups with similar names.  It is possible to configure authentication to be specific to certain web applications or to be common for all web applications. If you want to prevent members of site collections with the same names but in a different web application from viewing particular pages or controls, select roles for specific applications only, and Iron Speed Designer will use the combination of the Web Application's ID, site collection URL, and group name.

The following special symbols are not allowed in the SharePoint group names:

/, \, ”, ;

These symbols are used as dividers between groups, domains and strings in Iron Speed Designer applications.  If a SharePoint group containing any of these symbols is used to secure a page, it will not be recognized and may lead to a compilation error.
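
The role pairing and the reserved-character rule described above can be modeled as follows. This is an added example, not code from Iron Speed Designer or SharePoint; the `Role` type, the function names, the exact-match comparison, and the sample IDs and URLs are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

# Characters the page lists as not allowed in group names. The page prints the
# quote as a typographic one; the straight quote is included as an assumption.
RESERVED = frozenset('/\\;"\u201d')

def reserved_chars_in(group: str) -> list:
    """Return the reserved characters present in a group name, sorted."""
    return sorted(set(group) & RESERVED)

@dataclass(frozen=True)
class Role:
    """Site collection + group, optionally pinned to one web application."""
    site_collection_url: str
    group: str
    web_app_id: Optional[str] = None  # None: role is common to all web applications

    def __post_init__(self):
        bad = reserved_chars_in(self.group)
        if bad:  # reject at configuration time instead of silently never matching
            raise ValueError(f"group {self.group!r} contains reserved characters {bad}")

# A membership is (web application ID, site collection URL, group name).
Membership = Tuple[str, str, str]

def is_authorized(page_roles: Iterable[Role], memberships: Iterable[Membership]) -> bool:
    """True if any membership satisfies any role that secures the page."""
    members = list(memberships)
    for role in page_roles:
        for app_id, site_url, group in members:
            # Exact string comparison is an assumption of this model.
            if (site_url == role.site_collection_url
                    and group == role.group
                    and role.web_app_id in (None, app_id)):
                return True
    return False  # no matching role: deny

# Constructed sample data (IDs and URLs are placeholders, not from a real farm).
PAGE_COMMON = [Role("/sites/CustomSiteCollection", "Viewers")]
PAGE_PINNED = [Role("/sites/CustomSiteCollection", "Viewers", web_app_id="webapp-A")]
ROOT_VIEWER = [("webapp-A", "/", "Viewers")]
CUSTOM_VIEWER_B = [("webapp-B", "/sites/CustomSiteCollection", "Viewers")]
```

With this data, a Viewers member of the root site collection is denied on both pages, and a Viewers member of the same-named site collection in `webapp-B` is admitted by the common role but denied by the role pinned to `webapp-A`.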