

      Site Definitions are the foundation on which all sites and user templates are built.
      A Site Definition is a collection of XML and .aspx files.
      Site Definitions are predefined components that need to be included when a site is
       created in SharePoint server.
      A Site Definition contains information about the Web Parts, Lists, Features and navigation bars
       to be included in the site.
      Customizing Portal Sites and other SharePoint sites using Site Definitions is most
       appropriate for third-party developers and SharePoint Administrators.
      Site Definitions require access to the file system of the Web Server.
      A server administrator must also be involved in the deployment of Site Definitions.
      Custom Site Definitions are version and upgrade independent.
      Subsequent upgrades to SharePoint products and technologies may
       overwrite existing Site Definitions. Using a custom Site Definition excludes the site from
       potential upgrade issues.
      To avoid unghosting, a custom Site Definition should be created.
      There are two options for creating it:
           1. Create a new Site Definition file: either start from scratch and create the files one
               by one, or copy an existing Site Definition and modify it.
           2. Copy a Site Definition and change it in Visual Studio: we can make a copy of an
               existing site definition and modify it in Visual Studio to create new site
      The configuration of these site definitions is defined in an XML file which is available in the
       C:\Program Files\Common Files\Microsoft Shared\web server
       extensions\12\TEMPLATE\1033\XML folder.
      In the file system these definitions are available in C:\Program Files\Common
       Files\Microsoft Shared\web server extensions\12\TEMPLATE\Site Templates.
      Each of these site definitions consists of an XML folder and a home page (default.aspx).

Steps to create custom Site Definition

1. Log on as an administrator

2. Browse to C:\Program Files\Common Files\Microsoft Shared\web server

Copy STS folder-> Paste it at same place -> Rename it as TIGER.

3. Open the folder Tiger

4. Search for default.aspx

5. Open default.aspx in notepad.

6. Modify code. Here we need to add code for site definition.

<%@ Page language="C#" MasterPageFile="~masterurl/default.master"
ublicKeyToken=71e9bce111e9429c" %> <%@ Register Tagprefix="SharePoint"
Namespace="Microsoft.SharePoint.WebControls" Assembly="Microsoft.SharePoint,
Version=, Culture=neutral,
PublicKeyToken=71e9bce111e9429c" %> <%@ Register Tagprefix="Utilities"
Namespace="Microsoft.SharePoint.Utilities" Assembly="Microsoft.SharePoint,
Version=, Culture=neutral,
PublicKeyToken=71e9bce111e9429c" %> <%@ Import Namespace="Microsoft.SharePoint"
 %> <%@ Register
Tagprefix="WebPartPages" Namespace="Microsoft.SharePoint.WebPartPages" Assembly="M
Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<asp:Content ID="Content1" ContentPlaceHolderId="PlaceHolderPageTitle" runat="server"
        <SharePoint:EncodedLiteral runat="server" text="<%$Resources:wss,multipages_h
EncodeMethod="HtmlEncode"/> -
 <SharePoint:ProjectProperty Property="Title" runat="server"/>
<asp:Content ID="Content2" ContentPlaceHolderId="PlaceHolderPageImage" runat="server
SRC="/_layouts/images/blank.gif" width=1 height=1 alt=""></asp:Content>
<asp:Content ID="Content3" ContentPlaceHolderId="PlaceHolderPageTitleInTitleArea" runa
               <label class="ms-hidden"><SharePoint:ProjectProperty Property="Title"
<asp:Content ID="Content4" ContentPlaceHolderId="PlaceHolderTitleBreadcrumb" runat="s
<asp:Content ID="Content5" ContentPlaceHolderId="PlaceHolderTitleAreaClass" runat="ser
<style type="text/css">, .ms-pagetitleareaframe {
        height: 10px;
} {
        height: 100%;
.ms-pagetitleareaframe table {
        background: none;
        height: 10px;
<asp:Content ID="Content6" ContentPlaceHolderId="PlaceHolderAdditionalPageHead" runat
        <META Name="CollaborationServer" Content="SharePoint Team Web Site">
        <script type="text/javascript">
       var navBarHelpOverrideKey = "wssmain";
<asp:Content ID="Content7" ContentPlaceHolderId="PlaceHolderSearchArea" runat="serve
       <SharePoint:DelegateControl runat="server"
              ControlId="SmallSearchInputBox" />
<asp:Content ID="Content8" ContentPlaceHolderId="PlaceHolderLeftActions" runat="server
<asp:Content ID="Content9" ContentPlaceHolderId="PlaceHolderPageDescription" runat="s
<asp:Content ID="Content10" ContentPlaceHolderId="PlaceHolderBodyAreaClass" runat="s
<style type="text/css">
.ms-bodyareaframe {
       padding: 0px;
<asp:Content ID="Content11" ContentPlaceHolderId="PlaceHolderMain" runat="server">
       <table cellspacing="0" border="0" width="100%">
         <td class="ms-pagebreadcrumb">
              <asp:SiteMapPath SiteMapProvider="SPContentMapProvider" id="ContentMap"
NodeStyle-CssClass="ms-sitemapdirectional" runat="server"/>
         <td class="ms-
webpartpagedescription"><SharePoint:ProjectProperty Property="Description"
               <table width="100%" cellpadding=0 cellspacing=0 style="padding: 5px 10px
10px 10px;">
<td valign="top" width="100%" colspan="3">
<WebPartPages:WebPartZone runat="server" FrameType="TitleBarOnly" ID="Top" Title="lo
c:Top" />
                <td valign="top" width="70%">
                       <WebPartPages:WebPartZone runat="server" FrameType="TitleBarO
nly" ID="Left"
Title="loc:Left" />
                <td valign="top" width="30%">
                       <WebPartPages:WebPartZone runat="server" FrameType="TitleBarO
nly" ID="Right"
Title="loc:Right" />
          <td valign="top" width="100%" colspan="3">
            <WebPartPages:WebPartZone runat="server" FrameType="TitleBarOnly" ID="B
Title="loc:Bottom" />


7. Register new site definition to SharePoint.

8. Open the folder

C:\Program Files\Common Files\Microsoft Shared\web server

9. Copy the file WEBTEMP.XML and save it as WEBTEMPTIGER.xml. Note
that we need to append the name of the folder which we created in
step 2 (in this case it is TIGER) to WEBTEMP. So here the name would be

10. Open WEBTEMPTIGER.XML in Notepad and replace its contents with the following:

<?xml version="1.0" encoding="utf-8"?>
<!-- _lcid="1033" _version="12.0.4518" _dal="1" -->
<!-- _LocalBinding -->
<Templates xmlns:ows="Microsoft SharePoint">
 <Template Name="TIGER" ID="10009">
   <Configuration ID="1" Title="Tiger Definition" Hidden="FALSE"
     ImageUrl="/_layouts/images/Eye.GIF" Description="Tiger Site."
     DisplayCategory="Custom" AllowGlobalFeatureAssociations="False">
   </Configuration>
 </Template>
</Templates>


Make sure that the ID here is greater than 10000. It must not collide with the ID
of any other Site Definition.

11. Restart IIS. Go to Start->Run->IISRESET

12. Now you would be able to see this Site Definition inside Custom
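
The ID rule from step 10 can be checked before IIS is restarted. The following is an added example, not part of the original document: it parses a set of WEBTEMP*.XML files and reports custom template IDs that are not greater than 10000 or that collide with another definition. The function names, the treatment of WEBTEMP.XML as the stock file, and the inline sample files are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

MIN_CUSTOM_ID = 10000        # the page's rule: custom IDs must be greater than this
STOCK_FILE = "WEBTEMP.XML"   # the file copied in step 9; its own low IDs are expected

# Constructed sample file contents (not taken from a real server).
SAMPLE_FILES = {
    "WEBTEMP.XML": """<?xml version="1.0" encoding="utf-8"?>
<Templates xmlns:ows="Microsoft SharePoint">
 <Template Name="STS" ID="1">
   <Configuration ID="0" Title="Team Site" Hidden="FALSE" />
 </Template>
</Templates>""",
    "WEBTEMPTIGER.XML": """<?xml version="1.0" encoding="utf-8"?>
<Templates xmlns:ows="Microsoft SharePoint">
 <Template Name="TIGER" ID="10009">
   <Configuration ID="1" Title="Tiger Definition" Hidden="FALSE" />
 </Template>
</Templates>""",
    "WEBTEMPLION.XML": """<Templates xmlns:ows="Microsoft SharePoint">
 <Template Name="LION" ID="10009">
   <Configuration ID="1" Title="Lion Definition" Hidden="FALSE" />
 </Template>
</Templates>""",
    "WEBTEMPBEAR.XML": """<Templates xmlns:ows="Microsoft SharePoint">
 <Template Name="BEAR" ID="9000">
   <Configuration ID="1" Title="Bear Definition" Hidden="FALSE" />
 </Template>
</Templates>""",
}


def read_templates(files):
    """Return (file_name, template_name, raw_id) for every <Template> element."""
    rows = []
    for file_name, text in files.items():
        # Parse from bytes so an XML declaration with an encoding is accepted.
        root = ET.fromstring(text.encode("utf-8"))
        for template in root.iter("Template"):
            rows.append((file_name, template.get("Name", ""), template.get("ID", "")))
    return rows


def check_template_ids(files):
    """Return findings as (kind, template_id, names, file_names) tuples."""
    findings = []
    owners = defaultdict(list)
    for file_name, name, raw_id in read_templates(files):
        if not raw_id.isdigit():
            # A missing or non-numeric ID cannot be compared at all.
            findings.append(("bad-id", raw_id, (name,), (file_name,)))
            continue
        template_id = int(raw_id)
        owners[template_id].append((name, file_name))
        # Only custom files are held to the "greater than 10000" rule.
        if file_name.upper() != STOCK_FILE and template_id <= MIN_CUSTOM_ID:
            findings.append(("low-id", template_id, (name,), (file_name,)))
    for template_id, used_by in sorted(owners.items()):
        if len(used_by) > 1:
            names = tuple(n for n, _ in used_by)
            file_names = tuple(f for _, f in used_by)
            findings.append(("collision", template_id, names, file_names))
    return findings


if __name__ == "__main__":
    for finding in check_template_ids(SAMPLE_FILES):
        print(finding)
```

On a server, the same functions can be fed the contents of the real WEBTEMP*.XML files read from the XML folder named earlier on this page.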

SharePoint Content Types in five bullets:
1. SharePoint content types is a term used for describing a collection of
For example, an invoice content type may contain a set of metadata such as buyer, date
of sale, terms of delivery, order total, shipping cost, etc.

2. Content types support user interface customization
You can define the appearance of a content type, both while editing, creating, and
displaying data based on the content type. For example, you may want to display or edit
your invoices in a page resembling an actual invoice.

3. Content types support behavior through workflows and event receivers
Data derived from a content type can behave in a certain fashion or react to specific
events. For example, an invoice may need approval from a manager, or you may want to
prevent deletion of approved invoices altogether.

4. Content types can have specific user interface elements attached
Through the use of CustomAction elements, content types can have unique menu
options attached to the user interface. For example, you may want to add a ‘Pay now’
menu option or button to an invoice, and only for an invoice.

5. SharePoint content types support inheritance of properties, appearance,
and behavior
You can create content type hierarchies, for example by having a root accounting
document content type that defines a set of metadata, user interface options, and
behavioral settings, and have the invoice child content type inherit those settings and
override or extend the definition to include the necessary modifications for an invoice.

If you think all of this sounds complex, don’t worry. Content types are easy to use, and
the complexity grows with your understanding.

How to Create Content Types
Creating content types is incredibly simple. You have access to the content types on the
Site Settings page, accessible from the Site Actions menu. You can find the Site Content
Type Gallery page by clicking the Site Content Types link in the Galleries section.

All content types inherit from an existing content type. The Site Content Type Gallery
page gives you an overview of all available content types for your site and from which
parent content type each content type inherits.

To create a new content type, click the Create button in the toolbar and type in a name
and optional description for your new type. Then, select from which parent content type
your new content type should inherit and choose or create a new display group for the
type. Hit OK and you’re done.
Once your new type is created, you can edit the settings for the content type, such as any
new columns you want to add to your type, attach workflows to your content type, or
change the name and description. You can also reach the content type configuration
page from the Site Content Type Gallery, by clicking on the content type name in the list.

How to Use a Content Type
You need to attach your content type to a list or library in order to create items based on
the content type. Generally, you can attach content types that inherit from the
Document content type to a library and content types that inherit from the Item content
type to most other lists.

To attach a content type to a list, go to the list settings of your chosen list and click the
Advanced settings link on the Site Settings page. Click Yes in the section called "Allow
management of content types?" and click OK. You will return to the Site Settings page
and should now see a new section containing the content types. Click "Add from existing
site content types", select your content type and click OK to add the content type.

You can now return to your list view and click the down-arrow on the New button to
create a new item based on your content type. Note that any additional content type
columns you added earlier will also be added to the list.
    How to Deploy SharePoint WebParts
    Method 1 - manual
    Copy assembly DLL to either
     - /bin directory for a given IIS virtual server (e.g., c:\inetpub\wwwroot\bin)
     - Global Assembly Cache (e.g., c:\windows\assembly)

    Copy DWP file to C:\Inetpub\wwwroot\wpcatalog

    Copy resources to
     - For GAC-registered parts, C:\Program Files\Common Files\Microsoft Shared\web
     server extensions\wpresources
     - For Web Parts in the /bin directory, C:\Inetpub\wwwroot\wpresources

    Adjust web.config
     - Register as SafeControl
     - Select Code Access Security settings

    Method 2: CAB File
     CAB file should contain
      -Assembly DLL
      -DWP file(s)
      -Resource files (if needed)
     CAB won't contain
      - Code Access Security settings

     Server-side object model has methods for deploying such a CAB file

     Deploy with STSADM.EXE
      Located in C:\Program Files\Common Files\Microsoft Shared\web server
      Add it to your path
      Stsadm -o addwppack -filename filename [-globalinstall] [-force]

    Method 3: MSI File via WPPackager
     All of the features of CAB file deployment, but with
      - Code Access Security support
      - Ability to uninstall via Control Panel

     Get WPPackager.exe

     Add additional files to project for use by WPPackager

     Run WPPackager after project is built

    What is a Shared Service Provider?
    For those of you who don't know what I am talking about, a bit of overview. In MOSS 2007
    there is this new concept of Shared Services Providers (SSP). The idea being that there are
    certain services that really make sense to centrally manage and share. A good example
    being profiles. With an SSP we can import all of the profile information from AD once and
    then our various web applications can consume the data. So maybe we
    have http://marketing and http://accounting; it doesn't make sense for each one to maintain
    identical profile information, they should share.
    The major services that are handled by the SSP are:

          Profiles and Audiences
          My Sites
          Search
          All of Excel Services
          All of the BDC (Business Data Catalog)

Below is an example screen shot from MOSS 2007 Enterprise:

Sometimes the easiest way to think of Shared Services is the Parent vs. Child relationship.
The Parent (your SSP) goes out and does all of the work (pulling BDC data, indexing
content, hosting My Sites) and the child (your web applications) come to the parents to ask
for $5 (request data from the BDC, or view a calculated Excel sheet). Does that help?
Multiple SSPs
One of the most overwhelming things about SSPs for some people planning is how many
should I have? It is easy to see from the interface that you are given the opportunity to
create more than one. When should you do this?
As a general rule of thumb most companies will use one SSP. This is my default answer. So
why do they give you the ability to run multiple SSPs? There are cases where you want
separate search or profiles. The most common? Extranet/internet scenarios. Maybe your
SharePoint farm hosts two primary web applications. http://portal for your intranet
and http://ourcustomers for your extranet. In this scenario you probably want separate
search and profiles. And now you have found the reason to have multiple SSPs. You don't
want to share information; you want unique information for both.
Another advantage of SSPs
Separation of roles. In some medium and large environments it is not uncommon to have
one group administering the physical server farm while another group needs to just
maintain search. Well, the SSP concept makes this very easy. Since the SSP is its own
SharePoint site collection, you can define a user's access so they can NOT access central
administration but they CAN access the SSP. And once they get into the SSP you can even
limit them. Once inside the SSP you can determine if they can:

      Manage user profiles
      Manage audiences
      Manage permissions
      Manage usage analytics

Best I can tell if you give them access to the SSP all of the other SSP functions they will
have rights to. Guess it needs more testing.
Still, this separation of services from the actual administration of the server can be quite
useful. Especially in companies where the less access I give a user the better.
Moral of the story
SSPs are very helpful and important to understand. They should be part of your initial
planning. They can be secured at a very granular level or they can be given broad access.
Just mark this topic down as something else you need to fully think through before you start
rolling out SharePoint. And when all else fails just have one SSP.

Business Data Catalog: Overview
Office 2007
Business Data Catalog is a new business integration feature in Microsoft Office SharePoint Server 2007. It
is a shared service and it enables Office SharePoint Server 2007 to surface business data from back-end
server applications without any coding. Business Data Catalog bridges the gap between the portal site
and your business applications and enables you to bring in key data from various business applications to
Office SharePoint Server 2007 lists, Web Parts, search, user profiles, and custom applications.

Business Data Catalog provides built-in support for displaying data from databases and Web services.
That is, you can use Business Data Catalog to display data from your SAP, Siebel, or other line-of-business
(LOB) application via Web services or databases.

Implementing Event Handler in Sharepoint

Here I am sharing with you all how to implement an Event Handler Feature in SharePoint and
how to activate it.

The example below shows how to add a simple event handler that prevents items from being
deleted from a list. Two procedures are involved in this task:

    1. Creating an event handler in Microsoft Visual Studio
    2. Adding the event handler as a Feature in SharePoint

To create the event handler in Visual Studio

    1. Create a new project in Visual Studio by clicking File, pointing to New, and then
         clicking Project.
    2.   In the New Project dialog box, select Visual C# in the Project types box, select Class
         Library in the Templates box, type DeletingEventHandler in the Name box, and then
         click OK.
    3.   In Solution Explorer, select DeletingEventHandler, and click Add Reference on the
         Project menu.
    4.   In the Add Reference dialog box, select Microsoft.SharePoint on the .NET tab and
         then click OK.
    5.   In the Code Editor, import the Microsoft.SharePoint namespace as follows.

Change the name of the class to DeleteItemEvent and inherit it from
the SPItemEventReceiver class, as follows.

public class DeleteItemEvent : SPItemEventReceiver

Now add code within the class to override the ItemDeleting method, as given below.

using Microsoft.SharePoint;
public class DeleteItemEvent : SPItemEventReceiver
{
  public override void ItemDeleting(SPItemEventProperties properties)
  {
      properties.Cancel = true; // cancel the delete before it is carried out
      properties.ErrorMessage = "Deleting item from" + " " + properties.ListTitle + " " + "is not supported";
  }
}

Now go to the Project menu in Visual Studio; the last option in it is DeleteItemEvent
Properties. Click the Signing tab, select Sign the assembly, select Choose a strong name key
file, and then click <New...>.

In the Create Strong Name Key dialog box, type DeletingEventHandler.snk in the Key file
name box, optionally specify a password for the key, and then click OK.

To build the project, click Build Solution on the Build menu, or press CTRL+SHIFT+B.

Find the \DeletingEventHandler\bin\Debug folder in the Visual Studio Projects folder, and
drag the DeletingEventHandler.dll file to Local_Drive:\WINDOWS\assembly to place the DLL
in the global assembly cache.

To add the event handler as a Windows SharePoint Services Feature

    1. Create a folder in Local_Drive:/Program Files/Common Files/Microsoft Shared/web
        server extensions/12/TEMPLATE/FEATURES called DeletingEventHandler.
    2. Create a Feature.Xml file in this folder like the following that identifies the Feature
        and its element manifest file and sets the Feature scope to Web site.

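<!-- Replace GUID with the value generated by guidgen.exe -->
<Feature Scope="Web"
  Title="Deleting Event Handler"
  Id="GUID" xmlns="http://schemas.microsoft.com/sharepoint/">
  <ElementManifests><ElementManifest Location="Elements.xml"/></ElementManifests>
</Feature>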

Here generate a GUID by running guidgen.exe located in Local_Drive:\Program
Files\Microsoft Visual Studio 8.

The Elements.xml file is given below. It is referenced in Feature.xml file in ElementManifest
Location tag.

<Elements xmlns="">
<Receivers ListTemplateId="101">
  <Assembly>ItemAddedEvent, Version=, Culture=neutral,

Here, in the Name tag, you have to give the DLL name. In the Assembly tag, change the
information to match that DLL: find the DLL in the GAC, right-click it and click Properties,
which gives all the information related to the assembly.

In the Class tag you have to give Namespace.classname.

In the first tag, Receivers, "ListTemplateId" identifies the type of list on which the
event handler should act, such as Document Library, Custom List, Picture Library, etc. Here 101 means
Document Library. The ListTemplateId values are listed below.

      100    Generic list
      101    Document library
      102    Survey
      103    Links list
      104    Announcements list
      105    Contacts list
      106    Events list
      107    Tasks list
      108    Discussion board
      109    Picture library
      110    Data sources
      111    Site template gallery
      112    User Information list
      113    Web Part gallery
      114    List template gallery
      115    XML Form library
      116    Master pages gallery
      117    No-Code Workflows
      118    Custom Workflow Process
      119    Wiki Page library
      120    Custom grid for a list
      130    Data Connection library
      140    Workflow History
      150    Gantt Tasks list
      200    Meeting Series list
      201    Meeting Agenda list
      202    Meeting Attendees list
      204    Meeting Decisions list
      207    Meeting Objectives list
      210    Meeting text box
      211    Meeting Things To Bring list
      212    Meeting Workspace Pages list
      301    Blog Posts list
      302    Blog Comments list
      303    Blog Categories list
      1100    Issue tracking
      1200    Administrator tasks list
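
The points above about the Assembly, Class and ListTemplateId values lend themselves to a check before the Feature is installed. The following is an added example, not part of the original document: it parses an Elements.xml and flags receivers whose assembly identity is incomplete (missing version or public key token), whose class is not namespace-qualified, or whose ListTemplateId is not in the table above. The function names and finding labels are hypothetical, the sample file and its public key token are constructed, and the sample carries only the elements this page mentions.

```python
import re
import xml.etree.ElementTree as ET

# List template IDs as tabulated on this page.
LIST_TEMPLATES = {
    100: "Generic list", 101: "Document library", 102: "Survey",
    103: "Links list", 104: "Announcements list", 105: "Contacts list",
    106: "Events list", 107: "Tasks list", 108: "Discussion board",
    109: "Picture library", 110: "Data sources", 111: "Site template gallery",
    112: "User Information list", 113: "Web Part gallery",
    114: "List template gallery", 115: "XML Form library",
    116: "Master pages gallery", 117: "No-Code Workflows",
    118: "Custom Workflow Process", 119: "Wiki Page library",
    120: "Custom grid for a list", 130: "Data Connection library",
    140: "Workflow History", 150: "Gantt Tasks list",
    200: "Meeting Series list", 201: "Meeting Agenda list",
    202: "Meeting Attendees list", 204: "Meeting Decisions list",
    207: "Meeting Objectives list", 210: "Meeting text box",
    211: "Meeting Things To Bring list", 212: "Meeting Workspace Pages list",
    301: "Blog Posts list", 302: "Blog Comments list",
    303: "Blog Categories list", 1100: "Issue tracking",
    1200: "Administrator tasks list",
}

VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")    # four-part version, e.g. 1.0.0.0
TOKEN_RE = re.compile(r"^[0-9a-fA-F]{16}$")    # strong-name token: 16 hex digits

# Constructed sample. The second receiver mirrors the incomplete fragment on this page.
SAMPLE_ELEMENTS = """<Elements xmlns="http://schemas.microsoft.com/sharepoint/">
  <Receivers ListTemplateId="101">
    <Receiver>
      <Name>DeletingEventHandler</Name>
      <Assembly>DeletingEventHandler, Version=1.0.0.0, Culture=neutral, PublicKeyToken=0123456789abcdef</Assembly>
      <Class>DeletingEventHandler.DeleteItemEvent</Class>
    </Receiver>
  </Receivers>
  <Receivers ListTemplateId="999">
    <Receiver>
      <Name>ItemAddedEvent</Name>
      <Assembly>ItemAddedEvent, Version=, Culture=neutral,</Assembly>
      <Class>DeleteItemEvent</Class>
    </Receiver>
  </Receivers>
</Elements>"""


def local(tag):
    """Drop an XML namespace prefix such as '{uri}Receiver'."""
    return tag.rsplit("}", 1)[-1]


def parse_assembly_name(text):
    """Split 'Name, Version=..., Culture=..., PublicKeyToken=...' into a dict."""
    parts = [p.strip() for p in text.split(",")]
    fields = {"Name": parts[0]}
    for part in parts[1:]:
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip()] = value.strip()
    return fields


def check_elements(xml_text):
    """Return a list of (finding, subject) tuples for an Elements.xml document."""
    findings = []
    root = ET.fromstring(xml_text)
    for receivers in root.iter():
        if local(receivers.tag) != "Receivers":
            continue
        raw_id = receivers.get("ListTemplateId", "")
        if not raw_id.isdigit() or int(raw_id) not in LIST_TEMPLATES:
            findings.append(("unknown-list-template", raw_id))
        for receiver in receivers:
            if local(receiver.tag) != "Receiver":
                continue
            values = {local(c.tag): (c.text or "").strip() for c in receiver}
            label = values.get("Name") or "(unnamed)"
            asm = parse_assembly_name(values.get("Assembly", ""))
            if not VERSION_RE.match(asm.get("Version", "")):
                findings.append(("assembly-version", label))
            if not asm.get("Culture"):
                findings.append(("assembly-culture", label))
            # An assembly placed in the GAC is signed, so a token is expected.
            if not TOKEN_RE.match(asm.get("PublicKeyToken", "")):
                findings.append(("assembly-public-key-token", label))
            # The page asks for Namespace.classname in the Class tag.
            if "." not in values.get("Class", "").strip("."):
                findings.append(("class-not-namespace-qualified", label))
    return findings


if __name__ == "__main__":
    for finding in check_elements(SAMPLE_ELEMENTS):
        print(finding)
```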
In command prompt, navigate to \Program Files\Common Files\Microsoft Shared\web
server extensions\12\BIN on the local drive, and type each of the following commands to
install the Feature in the deployment, activate the Feature on a specified subsite, and reset
Microsoft Internet Information Services (IIS) so that the changes take effect:

   1. stsadm -o installfeature -filename DeletingEventHandler\Feature.xml
   2. stsadm -o activatefeature -filename DeletingEventHandler\Feature.xml -url http://Server/Site/Subsite
   3. iisreset


We all know more or less the SPSecurityTrimmedControl. It basically allows you to display its
contents conditionally depending on the permissions of the current user. It is definitely a great
piece of engineering and very helpful in various scenarios but what if it's just not enough and you
need either to customize it or to create your own wrapper?
Being able to conditionally display content allows you to better control the HTML output of your
web pages. SharePoint 2007 is a very scalable and flexible platform which makes it possible to
create solutions for various business cases, but to be able to provide that level of flexibility,
SharePoint sends a lot of resources together with the response – not always checking whether
you're using them or not. Being able to control the output and rendering it conditionally gives you
the great power of being in control of your HTML which is very important for the performance and
accessibility of Internet facing web sites built upon SharePoint 2007.
The SPSecurityTrimmedControl is an out of the box available wrapper control which allows you to
conditionally display its contents depending on the permissions of the current user. Probably the
most common usage scenario is hiding the Site Actions menu and the Publishing Console from
anonymous users:
<SharePoint:SPSecurityTrimmedControl ID="SPSecurityTrimmedControl1"
  PermissionsString="BrowseDirectories" runat="server">
    <PublishingSiteAction:SiteActionMenu runat="server" />
    <wssuc:Welcome id="explitLogout" runat="server" />
    <PublishingWebControls:AuthoringContainer ID="authoringcontrols" runat="server">
        <PublishingConsole:Console runat="server" />
    </PublishingWebControls:AuthoringContainer>
</SharePoint:SPSecurityTrimmedControl>
SharePoint 2007 uses Security Trimming which creates the User Interface (menu options, links, etc.)
based on the current user's permissions. So is the SPSecurityTrimmedControl exactly the same as
the SharePoint Security Trimming? No, it's not. What the SPSecurityTrimmedControl does, is it
determines whether the current user has enough permissions to access the contents of the
SPSecurityTrimmedControl. If he doesn't, the contents of the SPSecurityTrimmedControl will not
get parsed by ASP.NET and you will not see even a bit of HTML coming from that content in the
output. So it's definitely a great way to optimize the output of your web pages. But what if
checking the permissions doesn't provide you enough choice?
There are many other situations you could think of when SPSecurityTrimmedControl is not enough.
First of all, imagine that you want to display some extra guidelines for the editors about editing a
Publishing Page they are editing. Although you might give them some extra permissions, which
would distinguish them from other groups, you could use a custom wrapper control which would
display its contents based on the status of the form. You can read the status of the form by
accessing the FormContext property of SPContext and then reading the status by accessing
the SPFormContext.FormMode property.
Another scenario when you could want to create a custom wrapper control would be trying to
conditionally display content on web sites using multiple authentication providers. Imagine that the
webmasters and editors work on the staging environment using the Active Directory
Authentication and then there is the production environment: most of it is available to anonymous
visitors but there are some pages accessible by users authenticated using Forms Based
Authentication (FBA). As soon as these users log in, they are not anonymous anymore. Of course it
all depends on the permissions you will give them, but it just might be the case that the
permissions of these FBA authenticated users and some of the editors might be the same. How to
keep the ability of conditionally displaying some content in such situation?

Creating a custom wrapper control
Creating custom wrapper controls is not really difficult. Most of the time implementing the logic of
displaying or hiding the contents of your custom wrapper control will be the most difficult part.
A wrapper control is nothing else than a regular ASP.NET custom control:
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Text;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace Imtech.SharePoint.Solution.Controls
{
    [ToolboxData("<{0}:CustomWrapperControl runat=server></{0}:CustomWrapperControl>")]
    public class CustomWrapperControl : WebControl
    {
        // Decides whether the wrapped contents are rendered.
        private bool enabled = true;

        protected override void Render(HtmlTextWriter writer)
        {
            if (enabled)
            {
                // Render only the child contents, without the control's own outer tag.
                RenderContents(writer);
            }
        }
    }
}
Because we want the contents of the wrapper to display conditionally, let's add
the enabled variable which will determine whether the contents should be rendered or not. Because
we want the wrapper to display its contents only and nothing else, we override the Render method
instead of, for example, the RenderContents method. Andrew Connell has recently written a good
article about making the choice between overriding the RenderContents and Render methods.
Anyway, if you use that wrapper right now to conditionally display its contents:
<Imtech:CustomWrapperControl runat="server">
    <asp:Literal ID="Literal1" Text="Hello World from Wrapper" runat="server" />
</Imtech:CustomWrapperControl>
you will get an error:
So far we have created a regular ASP.NET custom control. To actually turn it into a wrapper control
we need to add one more thing: the System.Web.UI.ParseChildrenAttribute. The value of the
ParseChildren attribute determines how the contents of the custom control should be parsed: as
one of its Properties or using the associated ControlBuilder. As soon as we add the
ParseChildren(false) attribute to the CustomWrapperControl class, its contents will not get parsed
as Properties of the wrapper control: a wrapper control is born. It's up to you now to implement the
logic required to determine whether the contents of the control should be rendered or not.
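using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Text;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace Imtech.SharePoint.Solution.Controls
{
    // ParseChildren(false): nested markup is parsed as child controls, not as properties.
    [ParseChildren(false)]
    [ToolboxData("<{0}:CustomWrapperControl runat=server></{0}:CustomWrapperControl>")]
    public class CustomWrapperControl : WebControl
    {
        // Set this from your own logic to decide whether the contents are rendered.
        private bool enabled = true;

        protected override void Render(HtmlTextWriter writer)
        {
            if (enabled)
            {
                // Render only the child contents, without the control's own outer tag.
                RenderContents(writer);
            }
        }
    }
}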

What is Authentication?

"Authentication is the process of obtaining identification credentials such as name and password from a user and
validating those credentials against some authority. If the credentials are valid, the entity that submitted the
credentials is considered an authenticated identity." (Quoted from MSDN)

What is Authorization?

"Authorization determines whether an identity should be granted access to a specific resource." (Quoted
from MSDN)

What Authentication Types are Supported by SharePoint?

In SharePoint 2003, only Active Directory authentication was supported. New to SharePoint 2007 is the extensible
ASP.Net 2.0 Provider Model. This allows a range of standard authentication types and the ability to create a custom
provider. Listed below are the methods available to authenticate to SharePoint 2007. Another change from
SharePoint 2003 to SharePoint 2007 is Zones.

Windows (Integrated)

        NTLM (Local Users or Active Directory)
        Kerberos (Requires Active Directory)


        SQL Membership Provider
        Lightweight Directory Access Protocol (LDAP) Provider
        Active Directory Provider
        Active Directory Application Mode (ADAM)
        Custom Provider

Single Sign-On (SSO)

        Active Directory Federation Services (ADFS)
        Other Identity Management Systems (3rd party)

Here is a brief summary of each authentication type listed above.


NTLM - Is a challenge-response authentication protocol, which allows a client to prove its identity without sending
a password to the server by creating a shared context between the two involved parties, and using a shared session
key. This method is used with Active Directory or local accounts.

Kerberos - Requires a trusted third party (Active Directory) in order to mediate between two entities that want to
authenticate to one another, such as a User and a Resource. This is done through a ticketing system known as a Key
Distribution Center (KDC), which in this case is Active Directory. By the way, Kerberos communications are
encrypted using symmetric cryptography. Kerberos has another advantage over NTLM: delegation. It can
perform a double-hop, which means Entity A can forward (delegate) a ticket to Entity B, which can then use Entity
A's ticket to authenticate to Entity C. Kerberos also scales better for large environments because one Entity
doesn't need to request authentication from another Entity to prove its identity, it just needs to send its ticket to the

Forms - Uses an authentication ticket created when the user logs on to a site. The ticket can be contained in a
cookie or passed in a query string. Each time a request is received, after the initial authentication process, the
authentication cookie is retrieved, decrypted and compared with its key. The user credentials are stored in one of the
user stores listed above or a custom provider can be created to use another type.

SQL Membership - Accesses user credentials from a SQL Membership Database.

Lightweight Directory Access Protocol(LDAP) - Accesses user credentials from a non-Microsoft or Legacy user

Active Directory - Accesses user credentials from a Microsoft Active Directory user store. Can be used to access
Active Directory in a different domain or in a hosting scenario.

Active Directory Application Mode (ADAM) - Accesses user credentials from an application-specific lightweight
version of Active Directory.

Custom - Accesses user credentials from a custom defined user store that is not supported by a method above or has
specialized features.

Single Sign-On (SSO) - Provides access to resources across domains without the need to provide a credential every
time. The simple answer is you login to your domain and through defined trusts you can be granted access to
various resources outside of your own domain.

Active Directory Federation Services(ADFS) - Enables secure Single Sign-On between domains to allow Entities
from one Domain to access Entities in another Domain. This can allow Company A to grant access to a resource on
its Domain to Company B by creating a Trust Relationship between the companies and allow specific Entities access
to specific resources.

Other Identity Management Systems(3rd Party) - Same concept as ADFS but a 3rd-party solution with a custom
SSO module. This would provide support for systems such as those made by Novell, RSA Security, IBM, Sun
MicroSystems, SAP and Computer Associates.

What is a Zone?

A zone serves several purposes which include Load Balancing and Authentication boundaries. SharePoint’s
authentication model is specified at the Web Application level, which is associated with an IIS web site. Site
Collections and sub-sites are expressed as part of the application tier and have no physical presence on the file
system. If you choose to implement multiple authentication providers, you can extend the Web Application by
extending additional Zones. Zones allow the site to implement additional authentication providers for the same Web
Application. Zones available are Default, Intranet, Internet, Extranet and Custom; the default Zone is Default. A
Web Application can use any single Zone or extend to any combination of them. When extending a Web
Application to a new Zone, a new physical IIS web site is created.

An important thing to note about Zones and Authentication is that the Default Zone needs to use NTLM in order for
the Search Index service to crawl content within a Site Collection. A Policy also needs to be created for the Web
Application to allow the account for the Index to read all content for the Web Application.
