Apr 05, 2016

When we start working with security in SharePoint you have to understand that SharePoint in itself is not an Authentication Provider. What I mean by authentication provider is the component that is responsible for authenticating users to a particular system. One of the most common authentication providers that SharePoint uses is Active Directory.

Now that we know SharePoint (SP) relies on active directory or AD, we can look at how it works with AD to do the authentication. One of the common modes is claims based authentication, this works in the following way:

1. If the user is not authenticated yet, they will send an anonymous access request to a SP resource
2. SP checks to see if the resource can be accessed anonymously
3. If the user cannot access the resource anonymously, SP will ask the user for authentication credentials.
4. The user then provides the authentication credentials and send it to SP
5. SP then send this authentication credentials to AD, this will allow AD to perform the authentication
6. If AD has authenticated it will create a security token that contains the information of the user and the authenticated status
7. AD sends back this security token and SP will check this user against all the security groups in AD and find out to which groups it belongs
8. SP then uses is STS (Secure Token Service) to create a claims security token that will now be cached for the whole farm.