Chapter 3. Security

This chapter covers

  • Defining authentication
  • Working around the double hop issue
  • Exploring Single Sign-On and the Business Data Catalog
  • Configuring LOB application permissions
  • Configuring entity permissions

Recently I decided to move to the United States from the United Kingdom. I already had a passport, but in order to live and work in the United States, I needed to apply for a visa. This is a good analogy for how authentication and authorization work in both SharePoint and your back-end data source. My passport simply provides customs and immigration with information about me (my credentials); my visa, which is printed inside my passport, provides me with permissions to live and work within the United States. The same applies to SharePoint and the back-end data source. Every user has a username and password that form his credentials. Any roles that the user has, or permissions applied to that user, allow him to carry out a particular task (for example, being able to read a table or create an item in a SharePoint list). So authentication represents who you are, whereas authorization represents what you can do.

SharePoint supports several different authentication mechanisms, which we’ll discuss in the authentication section of this chapter.

3.1. Authentication

3.2. Permissions

3.3. Exercise: employing RevertToSelf authentication

3.4. Summary