SharePoint 2010 : Implementing Authentication Scenarios

2/25/2011 11:13:55 AM
SharePoint supports various authentication scenarios and has been used successfully in Internet, intranet, and extranet deployments. With the new features in SharePoint 2010, Microsoft has substantially improved support for these scenarios, including multi-authentication scenarios, mixed-mode authentication scenarios, alternate access mappings, and mobile access.

Configuring Mixed-Mode Authentication Scenarios

Mixed-mode authentication, illustrated in Figure 1, uses the same approach used in SharePoint 2007 for authenticating different types of users with different authentication providers. In mixed-mode authentication, the primary web application uses the default security zone with Windows authentication. To use more than one authentication provider, the primary web application must be extended to another IIS application. Each IIS application requires a unique URL. A different authentication provider can be configured for each IIS application. SharePoint recognizes the new IIS applications as part of the primary web application. As a result, the specific IIS applications share the same content (content databases) in SharePoint.

Figure 1. Mixed-mode authentication.


An IIS application supports only a single scheme or protocol. Therefore, two IIS applications are required to support HTTP and HTTPS individually.

Configuring Multiple Authentication Scenarios

Multi-authentication mode, illustrated in Figure 2, differs in that it allows for multiple authentication types to be specified on a single web application and does not require a web application to be extended. This allows users to choose the type of login they want to use on the web application.

Figure 2. Multi-authentication mode.

Multiple Authentication Versus Mixed Authentication

Table 1 shows a comparison between multimode authentication and mixed-mode authentication, and some of the common usage scenarios for each.

Table 1. Multimode Versus Mixed-Mode Authentication

Advantages
  Multi-Authentication Mode:
    Single URL with multiple authentication providers
    Open standard (more support for third-party authentication systems)
    Support for complex
  Mixed-Mode Authentication:
    Automated authentication

Disadvantages
  Multi-Authentication Mode:
    Single prompt for authentication type
  Mixed-Mode Authentication:
    Single URL per authentication provider

Common use scenarios
  Multi-Authentication Mode:
    Single experience for different types of users
    Single URL experience
    Partner/collaboration sites
    Federation between two organizations
  Mixed-Mode Authentication:
    Different protocols on different channels: Intranet (HTTP), Extranet (HTTPS)
    Isolation of authentication providers: Internet sites
    Publishing portal authored by employees and consumed by customers
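
The two layouts compared in Table 1, side by side in the SharePoint 2010 Management Shell. This is an added example, not part of the original article; every URL, name, account, and membership/role provider name is a placeholder, and the forms providers are assumed to be registered in web.config already.

```powershell
# Added example. All URLs, names and accounts below are placeholders (assumptions).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$pool = "ExamplePortalPool"                          # placeholder application pool
$acct = Get-SPManagedAccount "EXAMPLE\svc-sppool"    # placeholder managed account

# Authentication providers reused by both layouts.
# Assumption: "ExampleMembers"/"ExampleRoles" are already defined in web.config.
$windows = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication
$forms   = New-SPAuthenticationProvider -ASPNETMembershipProvider "ExampleMembers" `
                                        -ASPNETRoleProviderName "ExampleRoles"

# --- Mixed-mode: one provider per zone, one URL per zone ---------------------
# Primary web application: Default zone, Windows authentication, HTTP.
$mixed = New-SPWebApplication -Name "Portal (mixed-mode)" `
    -Url "http://portal.example.local" -Port 80 `
    -ApplicationPool $pool -ApplicationPoolAccount $acct `
    -AuthenticationProvider $windows

# Extend it to a second IIS application: Extranet zone, forms provider, HTTPS.
# Both IIS applications serve the same content databases.
$mixed | New-SPWebApplicationExtension -Name "Portal (extranet)" -Zone Extranet `
    -Url "https://portal.example.com" -Port 443 -SecureSocketsLayer `
    -AuthenticationProvider $forms

# --- Multi-authentication: several providers on a single zone and URL --------
# No extension is needed; users pick the login type on the sign-in page.
New-SPWebApplication -Name "Partners (multi-auth)" `
    -Url "https://partners.example.com" -Port 443 -SecureSocketsLayer `
    -ApplicationPool $pool -ApplicationPoolAccount $acct `
    -AuthenticationProvider $windows, $forms

# --- Review which providers each zone actually exposes -----------------------
foreach ($zone in "Default", "Extranet") {
    Write-Host "portal.example.local, zone $zone"
    Get-SPAuthenticationProvider -WebApplication "http://portal.example.local" -Zone $zone
}
Write-Host "partners.example.com, zone Default"
Get-SPAuthenticationProvider -WebApplication "https://partners.example.com" -Zone Default
```

Running the review loop after any change confirms that a provider intended for one zone has not been attached to another.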

Using Alternate Access Mappings in Extranet Deployments

Alternate access mappings (AAMs) are rules that SharePoint uses to map web requests to the proper web application and site. They also tell SharePoint which URLs to return in the content so that users can navigate the SharePoint site properly. Most commonly, AAMs are used in reverse proxy publishing and load-balancing scenarios. A reverse proxy is a device that sits between the end user and the SharePoint server. Requests to the SharePoint server, such as an Internet request over HTTPS, are first received by the reverse proxy firewall. The reverse proxy then forwards the request to the SharePoint server as an HTTP request. This process is referred to as off-box Secure Sockets Layer (SSL) termination. The AAMs translate the internal URL back to the correct public URL, so the end user navigates the SharePoint site seamlessly when accessing resources from an external URL. Additional AAM scenarios include forwarding web requests to different port numbers.
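
The off-box SSL termination mapping described above, expressed as AAM entries and followed by a review of the result. This is an added example, not part of the original article; the three URLs are placeholders, and the choice of the Internet zone is an assumption.

```powershell
# Added example. All URLs are placeholders (assumptions).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webApp    = "http://sp-web01.example.local"   # existing web application (Default zone)
$publicUrl = "https://extranet.example.com"    # URL external users type
$proxyUrl  = "http://extranet.example.com"     # URL the reverse proxy forwards after
                                               # terminating SSL (HTTP, same host name)

# Public URL of the Internet zone: what SharePoint writes into the links it returns.
New-SPAlternateURL -WebApplication $webApp -Url $publicUrl -Zone Internet

# Internal URL in the same zone: the request as it arrives from the proxy.
# SharePoint maps it back to the zone's public URL when it renders links.
New-SPAlternateURL -WebApplication $webApp -Url $proxyUrl -Zone Internet -Internal

# Review every mapping of the web application.
$aam = Get-SPAlternateURL -WebApplication $webApp
$aam | Sort-Object Zone | Format-Table IncomingUrl, Zone, PublicUrl -AutoSize

# Mappings where an HTTP request is answered with HTTPS links: expected with
# off-box SSL termination, and a reminder that the proxy-to-server leg is
# cleartext and has to stay on a trusted network segment.
$aam | Where-Object { $_.IncomingUrl -like "http://*" -and $_.PublicUrl -like "https://*" } |
    Format-Table IncomingUrl, Zone, PublicUrl -AutoSize

# Zones other than Default whose public URL is plain HTTP: users in these
# zones are sent links (and sign-in pages) without transport encryption.
$aam | Where-Object { $_.Zone -ne "Default" -and $_.PublicUrl -like "http://*" } |
    Format-Table IncomingUrl, Zone, PublicUrl -AutoSize
```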

Understanding Host-Named Site Collections

In SharePoint, host-named site collections provide a scalable hosting solution with distinct host names or URLs for accessing specific site collections. This allows a user to access a specific root-level site collection using a unique URL, a concept commonly referred to as a “vanity” URL. A single web application can support up to 100,000 host-named site collections. Host-named site collections are only available through the default security zone. Also, users authenticated through other zones cannot access host-named site collections.

In SharePoint 2010, host-named site collections support off-box SSL termination. With host-named site collections, the reverse proxy server cannot modify the host name or the port number (except to 80 and 443 for SSL). Administration of host-named site collections is available through Windows PowerShell commands.
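
Creating a host-named site collection and listing the ones that already exist, as an added example that is not part of the original article. The web application URL, host name, owner account, and template choice are placeholders.

```powershell
# Added example. URLs, the owner account and the template are placeholders (assumptions).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$hostWebApp = "http://sp-web01.example.local"   # web application that hosts the site collections
$vanityUrl  = "http://teams.example.com"        # host name users and the reverse proxy use

# Create a root-level site collection addressed by its own host name.
New-SPSite -Url $vanityUrl -HostHeaderWebApplication $hostWebApp `
    -OwnerAlias "EXAMPLE\spadmin" -Template "STS#0" -Name "Teams"

# Inventory the host-named site collections in this web application.
# Because the reverse proxy cannot change the host name, each Url listed here
# is a host name the proxy has to forward unchanged.
Get-SPSite -WebApplication $hostWebApp -Limit All |
    Where-Object { $_.HostHeaderIsSiteName } |
    Sort-Object Url |
    Format-Table Url, Zone, HostHeaderIsSiteName -AutoSize
```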

Examining Mobile Administration for SharePoint Extranets

Mobile administration has been very limited in previous versions of SharePoint. In SharePoint 2010, mobile administration has been improved by supporting common mobile interfaces, making improvements to leverage mobile technologies such as SMS, and improving the support for accessing SharePoint websites across firewalls using SSL. Mobile views are enabled by default for most lists and libraries. Custom lists and libraries, and libraries that were created in a previous version of SharePoint (via upgrade), are not enabled by default. Some lists and libraries will contain views where a mobile view is not available, such as the datasheet view and the Gantt view.

In SharePoint 2010, users can enable email and SMS alerts on changes made in SharePoint lists, libraries, or items. For extranet SharePoint websites that are published across the firewall using SSL, administrators must specify a cross-firewall access zone. A cross-firewall access zone is used for generating proper external client and mobile URLs for mobile alert messages. This enables users to send an externally accessible URL from SharePoint by clicking the E-Mail a Link button on the Library Tools or List Tools on the Ribbon.


To enable SMS alerts in the SharePoint farm, a mobile account for an SMS service must be configured. The mobile account can be configured via Central Administration or PowerShell. In Central Administration, to enable SMS with the same mobile account, click System Settings, and then under E-Mail and Text Messages (SMS), click Configure Mobile Account. In Central Administration, to enable SMS with specific mobile accounts per web application, under the Application Management section, click Manage Web Applications. On the Web Applications page, choose the web application to configure. In General Settings on the Ribbon, click Mobile Account.
