Showing posts with label Authentication. Show all posts
Showing posts with label Authentication. Show all posts

Tuesday, September 29, 2015

Issue, if we continue to use Classic Mode in SharePoint 2013.

Issue, if we continue to use Classic Mode in SharePoint 2013.

Question: I am getting this query from some of the SharePoint community people that what is the issue if we use classic mode authentication only In SharePoint 2013,why not we use classic if it supports in SharePoint 2013.

Answer: I am trying to explain the answer as I know and per my experience. Please provide if anything that I missed.

As we all know that the default authentication in SharePoint 2013 is claims mode only. There is no Classic authentication on SharePoint 2013 by Default, If we want to use the classic we can use but we should keep in mind that the below functionalities will not work with Classic in SharePoint 2013.

1.    Office Web Apps services(OWA)
2.    SharePoint Apps like S2S
3.    Hybrid feature of SharePoint.

Please check the link below that shows on how to change the authentication from classic to claims.


http://expertsharepoint.blogspot.my/2013/10/how-to-change-sharepoint-authentication.html

I hope the above information will help you to resolve the issue, in case of any queries/questions regarding the above mentioned information then please let me know. I would be more than happy to help you as well as resolves your issues, Thank you.

Tuesday, September 1, 2015

Cannot start Service Claims to windows token service(c2wts) on Computer



Cannot start Service Claims to windows token service(c2wts) on Computer

Explanation: I had this issue in  one of my R&D environment  where c2wts service couldn't be started in SharePoint 2010 environment. 

Solutions: There are many solutions to resolve the issue, I tried all the possible solutions  that available and one could be my savior. In this article I am providing all the possible solutions that could apply to resolve the issue.

Solution1: Installation of .Net 3.5 or 4.0

Solution 2: If .Net is already installed, Try repairing the .net through Control panel.

Solution3:
A.       Log in to server where you want to start the c2wts Service.
B.       enter gpedit.MSC in RUN
C.      Go to Computer configuration-> Windows Settings-> Security Settings-> Public Key Policies
D.      Double click Certificate Path Validation Settings
E.       Go to Network Retrieval tab
F.       check "Define these policy settings"
G.      Uncheck "Automatically update certificates..."
H.      Uncheck "Allow issued certificate..."
I.         Click OK

Solution 4: Please follow the below to resolve the issue
Go to Registry
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing

Value = State
Radix= decimal

Change the value to '146944' to disable CRL checking

Please find the link from MS that provides more solutions.

 


I hope the above information will help you to resolve the issue, in case of any queries/questions regarding the above mentioned information then please let me know. I would be more than happy to help you as well as resolves your issues, Thank you.

Monday, March 23, 2015

How the user authentication works between share point and AD



 How the user authentication works between share point and AD

In this article I am providing the details of How the authentication process works between the share point and the AD.

1.   Client hit SharePoint site
2.   SharePoint redirects client to Identity Provider (AD) in order to get a security token
3.   Client attempts to authenticate to trusted Identity Provider (AD)
4.   The identity provider's (Security Token Service) will validate the username and password and provide a security token to a client.
5.   The client has a security token (authenticated) and submits it to SharePoint STS "Security Token Service"
6.   SharePoint STS receives security token from client and determines if we trust the issuer of that token "Identity Provider"
7.   STS then performs claims augmentation
8.   STS issues client new SAML token
9.   Client request resource "site" with new SAML token
10.   SharePoint consumes SAML token, "validates authentication successful", and builds an SPUser object in order to authorize to the secured resource

 


I hope the above information will help you to resolve the issue, in case of any queries/questions regarding the above mentioned information then please let me know. I would be more than happy to help you as well as resolves your issues, Thank you.

Friday, September 12, 2014

Authentication overview for SharePoint



Authentication overview for SharePoint

I found  a very good guide from MS that explains how users can authenticate SharePoint. It clearly explains authentication mechanisms of SharePoint.

SharePoint 2013:


SharePoint 2010: 

 

I hope the above information will help you to resolve the issue, in case of any queries/questions regarding the above mentioned information then please let me know. I would be more than happy to help you as well as resolves your issues, Thank you.

Monday, October 21, 2013

How to Change SharePoint authentication from classic mode to claims based

Recently, I was in a situation to enable form authentication for our satellite farms. A SharePoint web application that was configured Mistakenly by using classic mode authentication. So the solution for me is to change the authentication mode to claims based.
Note: Be noted that once you migrated the authentication provider to claims based, you cannot revert it back.
From the central administration, I checked the authentication provider and it is showing my current authentication provider as windows. Now I am going to change my authentication provider, to do this, you need to use windows power shell.
From the start menu, go to
All Programs -> SharePoint 2010 products -> SharePoint 2010 Management Shell

The power shell window is opened as follows.
Execute the following commands In order.
$WebAppName = http://aniish.com (Application name that you want to change the authentication)
$account = "Cosima\Administrator" (Account configured for Web APP)
$wa = get-SPWebApplication $WebAppName
Set-SPwebApplication $wa –AuthenticationProvider (New-SPAuthenticationProvider) –Zone Default
When you execute this command, a confirmation message will appear on the screen as follows.
Type Y for confirmation
After the command executed successfully, check the authentication provider from the central Administration, it will show “claims based authentication”
Now execute the following commands.
  • set the user as an administrator for the site
$wa = get-SPWebApplication $WebAppName
$account = (New-SPClaimsPrincipal -identity $account -identitytype 1).ToEncodedString()
  • configure the policy to enable the user to have full access
$zp = $wa.ZonePolicies("Default")
$p = $zp.Add($account,"PSPolicy")
$fc=$wa.PolicyRoles.GetSpecialRole("FullControl")
$p.PolicyRoleBindings.Add($fc)
$wa.Update()
  • perform user migration
$wa = get-SPWebApplication $WebAppName
$wa.MigrateUsers($true)


If All the above Commands Executed, Authentication will be change successfully.



Please Comment if you need Any Help. Your Feed back is always Welcome. I Am Happy to Help !!!!!


ShareThis

X