locked
How does SharePoint automatically log a user in? RRS feed

  • Question

  • Hi All,

    Users are automatically logged into SharePoint when they log into Windows, which is great.  How does SharePoint do this?
    Tuesday, December 2, 2008 5:22 PM

Answers

  • Hi,

    When you open a web browser and connect to a SharePoint site, you first need to authenticate on IIS :
    - if you log on with your windows session token, and if Sharepoint allows your profile, everything is transparent for you
    - if you log on with another login/password (and your windows session account is not allowed on SharePoint for instance), SharePoint will prompt you to enter your login/password. Then IIS authenticates you and sends the token to SharePoint.
    Now, how does it work just before entering SharePoint ?
    Once you're authenticated on IIS, SharePoint identifies you through the Membership Provider and knows who you are. After that, SP gets your roles through the Role Provider and then compares your roles with the role permissions needed to access a content.

    Cheers,

    Kype

    • Marked as answer by Donia Strand Thursday, December 4, 2008 7:18 PM
    Thursday, December 4, 2008 5:21 PM

All replies

  • Hi,

    this is done using "integrated" windows authentication.


    Cheers,

    Daniel Bugday

    Web: SharePoint Forum Blog: Daniel Bugday's SharePoint Blog

    Tuesday, December 2, 2008 8:24 PM
  • Thanks for your response, yes, windows integrated is how the user is logged in.  I should have been more clear.

    I am interested in the behind the scenes description, please.

    When a user launches SharePoint through a web browser, what is actually happening behind the scenes when the user is automatically logged in, step by step?
    Tuesday, December 2, 2008 11:37 PM
  • Probably also not what you want, but given that users are not always automatically logged into to SharePoint because they are logged into Windows, perhaps you'd better also need to be told that this is a function of IE.

    In IE the default value for logon (in the Security section) is "Automatic logon in Intranet zone". Hence logically if the site is in the Intranet zone your users do not need to logon to it if they are using IE and the default setting is in place.

    Those same users if they use the TCP-IP version of the server URL - i.e 192.168.1.200 (for instance) - will not be automatically logged in/on as IE regards a URL with "." as an Internet address.

    In that case for automatic login the setting needs to be "Autmatic logon with current user name and password".


    Finally, just switch any of these users to Firefox or Safari or Chrome and they will not automatically be logged in. At least not the first time they access the site (later only if save my name/password has been clicked and not always then)




    • Proposed as answer by Kype Thursday, December 4, 2008 5:11 PM
    Wednesday, December 3, 2008 5:30 AM
  • Hi,

    When you open a web browser and connect to a SharePoint site, you first need to authenticate on IIS :
    - if you log on with your windows session token, and if Sharepoint allows your profile, everything is transparent for you
    - if you log on with another login/password (and your windows session account is not allowed on SharePoint for instance), SharePoint will prompt you to enter your login/password. Then IIS authenticates you and sends the token to SharePoint.
    Now, how does it work just before entering SharePoint ?
    Once you're authenticated on IIS, SharePoint identifies you through the Membership Provider and knows who you are. After that, SP gets your roles through the Role Provider and then compares your roles with the role permissions needed to access a content.

    Cheers,

    Kype

    • Marked as answer by Donia Strand Thursday, December 4, 2008 7:18 PM
    Thursday, December 4, 2008 5:21 PM
  •  Thanks everyone.
    Kype, thanks, I wanted to see what happened just before going into SharePoint
    Thursday, December 4, 2008 7:18 PM