Starting with SharePoint Server 2007, it is possible to use the ASP.NET membership and role provider for authentication (meaning you are not limited to pure Windows authentication). SharePoint Server 2010 extends this model by providing claims-based authentication.
For authentication in SharePoint 2010 you can choose between two models:
- Classic mode authentication
- Claims based authentication mode
Classic mode is provided mostly for legacy purposes since claims is the way forward – take a look at Plan Authentication Methods (SharePoint 2010) on TechNet for more details.
If you plan to use anything other than plain Windows authentication, you have to go for claims-based authentication (CBA). Claims-based authentication in SharePoint 2010 supports the following underlying authentication mechanisms:
- Windows claims (when you log on with NTLM or the Kerberos protocol)
- Forms-based authentication claims (when you use an ASP.NET membership and role provider, and so use a SQL Server or Oracle database as the back-end store)
- Security Assertion Markup Language (SAML) claims (when you log on by using a security token service (STS), such as Active Directory Federation Services (AD FS) 2.0)
Claims based authentication in 2010 is implemented on top of Windows Identity Foundation (WIF) – so I recommend that you take a look at this blog post to get you started with a number of resources – Windows Identity Foundation resources for SharePoint 2010 developers.
I wanted to try out Forms-based authentication claims using SQL Server as back-end store and I tried out a number of walkthroughs but this one worked like a charm – Configuring claims and form-based authentication for use with a SQL provider in SharePoint 2010 (Thank you, Spence, for pointing me in the correct direction).
Some additional remarks:
- I first tried this article – How to:Forms Based Authentication(FBA) on SharePoint 2010 but it did not complete correctly – at least for me. It however provides an interesting alternative for managing your ASP.NET users using the IIS 7.0 MMC that I was not aware of. When I find the time I will probably try it again to see how this works.
- It might be interesting to take a look at this Codeplex project – http://fba.codeplex.com
- The steps outlined are mostly manual steps – in a production environment you would probably want to automate it more or less – take a look at SharePoint 2010 Forms Based Authentication Configuration Manager which provides a possible solution
- Forms authentication in SharePoint Products and Technologies (2007): Introduction
- Forms Authentication in SharePoint Products and Technologies (2007 - Part 2): Membership and Role Provider Samples
- Forms Authentication in SharePoint Products and Technologies (2007 - Part 3): Forms Authentication versus Windows Authentication.
- Configuring custom providers using SharePoint 2010 claim based authentication.