Microsoft SharePoint 2013 makes it easy for people to work together.
SharePoint 2013 enables you and your employees to set up web sites to share information with others, manage documents from start to finish, and publish reports to help everyone make informed decisions. Authentication in SharePoint 2013 defines how users, apps, and servers obtain authenticated access to protected SharePoint resources.

If you are new to authentication in SharePoint 2013, this topic can help you identify what you need to learn to develop expertise about authentication methods for SharePoint 2013. It includes prerequisite topics that cover a variety of web infrastructure fundamentals. You must understand the prerequisite technologies first, because SharePoint 2013 builds upon them and assumes an understanding of them. Afterwards, you can begin learning about authentication in SharePoint 2013 with the resources in the Level 100 (introductory), 200 (intermediate), and 300 (advanced) sections.

We recommend that you read the topics in the order listed.

Prerequisites

This section contains links to a variety of resources that contain the background information you need to fully understand the different authentication methods that SharePoint 2013 supports.

  • Step 1: Learn about the basic, digest, and anonymous methods of authentication for Internet Information Services (IIS).

    In some cases, you might want to use the basic, digest, and anonymous authentication methods for SharePoint web sites. For an explanation of these authentication methods, see
    IIS Authentication. For configuration steps, see Configuring Authentication in IIS 7.

    Your goal is to understand the use, role, and comparative advantages of the basic, digest, and anonymous methods of authentication for IIS and how to configure them for IIS-based web sites.
  • Step 2: Learn about the NTLM authentication method.

    When you use Windows claims or Windows classic user authentication methods, SharePoint 2013 can use the NTLM authentication method. See
    Microsoft NTLM and NTLM Authentication Scheme for HTTP.

    Your goal is to understand how NTLM works to authenticate user access to web sites.
  • Step 3: Learn about Kerberos protocol and authentication method.

    When you use Windows claims or Windows classic user authentication methods, SharePoint 2013 can use the Kerberos protocol and authentication method. For the Kerberos protocol,
    What Is Kerberos Authentication? and How the Kerberos Version 5 Authentication Protocol Works. For the Kerberos protocol used for web authentication, see How Kerberos Works.

    Your goal is to understand how the Kerberos protocol works to authenticate user access to web sites.
  • Step 4: Learn about claims-based authentication.

    Claims-based authentication is recommended for user authentication in SharePoint 2013 and required for app and server-to-server authentication. See the
    Claims-based Identity for Windows white paper, An Introduction to Claims, and Claims-Based Architectures.

    Your goal is to understand the benefits of claims-based authentication, the components of a claims identity infrastructure (identity provider, security token service, account/attribute store, web-enabled client and server applications, federation provider), and how claims-based authentication works to authenticate user access to web sites.
  • Step 5: Learn about Open Authorization (OAuth).

    SharePoint 2013 uses OAuth for app and server-to-server authentication. See
    OAuth (Wikipedia), OAuth 2.0 Tutorial, and “Section 1. Introduction” of RFC 6749.

    Your goal is to understand how OAuth provides an authorization mechanism to obtain access to protected resources.
  • Step 6: Learn how to create a public key infrastructure (PKI) with Active Directory Certificate Services (AD CS).

    Some authentication methods require digital certificates installed on SharePoint servers. These certificates can be purchased from a third-party certification authority or you can deploy your own PKI. You can deploy your own PKI with AD CS. See
    Designing a Public Key Infrastructure (http://go.microsoft.com/fwlink/?LinkId=169425).

    If you need AD CS for your PKI, your goal is to understand how to deploy an AD CS-based PKI and request specific types of certificates from an AD CS server.
  • Step 7: Learn how to configure Secure Hypertext Transfer Protocol (HTTPS) websites with Internet Information Services (IIS).

    Some authentication methods require HTTPS-based communication with SharePoint servers, which use IIS to host their web sites. See
    How to Set Up SSL on IIS 7.

    Your goal is to understand how to configure certificate bindings and enable HTTPS for IIS-based web sites.

Level 100

The following resources contain introductory information about authentication in SharePoint 2013.

Level 200

The following resources contain intermediate information about authentication in SharePoint 2013.

Level 300

The following resources contain advanced information about authentication in SharePoint.

Ongoing Learning

  • Share-n-dipity blog.

    See
    Share-n-dipity.

    Your goal is to keep up-to-date with
    Microsoft Principal Consultant Steve Peschka, a leading expert in SharePoint authentication issues.

Additional Resources

SharePoint product web page

SharePoint 2013 Claims-based Authentication

SharePoint 2013 Portal