Creating a Yammer-Centric Security Setup for SharePoint 2013

Okay, I’m going to preface everything in this post by saying what I’m going to be describing is not what you would consider the most secure SharePoint web application in the world.  If you are working with sensitive content then this is probably (but not absolutely) NOT the best solution for you.  However, if you…

Using Azure Multi-Factor Authentication With Azure Active Directory and SharePoint 2013

Today I’m going to look at one of the new and interesting security features the Azure team is providing called Multi Factor Authentication (MFA).  What it enables you to do is to use a set of services provided by the Azure team for a second form of authentication when a user logs in.  The most…

How To Control App Token Lifetimes in SharePoint 2013

Today's post is the first selection from the little Twitter contest I announced on the Share-n-Dipity blog a few days ago: http://blogs.technet.com/b/speschka/archive/2013/09/04/use-social-tools-to-tell-me-what-you-want-to-see-here-next.aspx. Shariq wanted to know more about the lifetime for high trust app tokens, as he tweeted here: @speschka – I would be keen to understand more around caching tokens in High Trust Apps….

Security in SharePoint Apps – Part 8

PREVIOUS: Security in SharePoint Apps – Part 7

For this, the very last in the series, I just wanted to briefly talk at a high level about the process you should be doing when developing an App for a SharePoint site that uses SAML (or FBA for that matter).  I’ve already written a detailed post…

Security in SharePoint Apps – Part 7

PREVIOUS: Security in SharePoint Apps – Part 6

In this part of the series, I’m going to shift gears a bit and talk about high trust apps and the plumbing that goes along with them.  As I’ve explained somewhat earlier in this series, one of the big differences between low trust and high trust apps…

Security in SharePoint Apps – Part 6

PREVIOUS: Security in SharePoint Apps – Part 5

As promised, in this part of the series we’re going to talk about the big dogs of App security – those options that you can use to let you do anything, anywhere with your content.  Specifically we’re going to look at App Only policy apps, and tenant…

Security in SharePoint Apps – Part 5

PREVIOUS: Security in SharePoint Apps – Part 4

As promised in Part 4, there’s actually a very interesting type of application that you don’t even install in a site collection.  How can this be you ask…well let’s talk about it.  With most apps, you have to deploy it somewhere to be installed – the SharePoint…

Security in SharePoint Apps – Part 4

PREVIOUS: Security in SharePoint Apps – Part 3

In Part 3 I talked about how SharePoint sends over a context token with the request for an App when using low trust (this does NOT come over to a high trust app).  It’s worth looking at what a context token is, and how we compare that…

Security in SharePoint Apps – Part 3

PREVIOUS: Security in SharePoint Apps – Part 2

In the first two parts of this series we looked at what an App Principal is and what the security context is that we use when a request comes into SharePoint.  Now that we have those basic components of the framework defined, let’s talk a little about the…

Security in SharePoint Apps – Part 2

PREVIOUS: Security in SharePoint Apps – Part 1

In Part 1 of this series I described how to think about an App Principal, and I mentioned that it is one of the main actors in determining who has rights to what content.  The other actor, of course, is the User Principal.  Between the two though,…
