Any network operation will ask the user attempting to access it to sign on with a username and password. This is the authentication process. It verifies who is allowed to access the network, either the main server or one of the client machines. To process the authentication operation, there must exist a database with information about users who are allowed to access the system. This database, in general, only has a minimum of information, It will have the first and last name of the user, their username, and a password. Optionally, it may also contain an e-mail address and operational groups that the user may belong to.
This next figure shows how authentication works. There are six steps in the process.
Part 1: The Host and the Server interact.
- The User requests access to the network or to the host.
- The Server sends a challenge message, for instance, a message asking for the password.
- The Client sends the response message, the password.
Part 2: The Server and the Domain Controller, which is the network server, interact.
- The Server sends a challenge to the domain controller.
- The Domain Controller responds by accessing its database and sends the result to the server.
Part 3. The Server and the Host interact again.
- The server, with the authentication results from the domain controller, sends the response to the host, and the result is to let the user into the network or to deny access.
This is the process of NTLM authentication, (NT Lan Manager), used on Windows Networks.
Internet Information Service (IIS) Authentication
SharePoint was written using the ASP.NET framework, and it is configured for Windows authentication. But it relies on IIS to authenticate its clients using the configured authentication mode. The available modes are:
- Anonymous (enabled by default)
- Integrated Windows authentication (enabled by default)
- Client Certificate Mapping
IIS is Microsoft’s web server application that operates on Windows Servers. It gives Windows HTTP capability. It goes back as far as Windows NT and 2000, but it is found in Server 2003 and Server 2008. It is also available on the clients, Win95, 98,.XP, Vista, and Windows7.
Applications that are loaded on a Windows server or client frequently use Windows Authentication to enable the application. Examples include SQL Server 2005, and the .net framework with visual studio 2005. SharePoint has the ability to run under any of the modes that are available in IIS.
SharePoint also uses Windows Authentication to allow users into the system. This is done as an administrator creates user accounts to access the system. By being added to SharePoint site groups individual domain users and groups can be given access rights to SharePoint sites and resources.
Pass Through Authentication in SharePoint
Pass through authentication in SharePoint is simple in theory. You sign on only once. Your username and password, which are authenticated with the Windows NTLM protocol, should be enough to pass through to SharePoint for authentication. However, this does not always happen.
There are many integration features available through Office 2007 and SharePoint, but they rely on Windows authentication to work well. Without it, integration elements have a hard time performing as intended. So to minimize confusion, SharePoint offers an alternative mode whereby certain Windows authentication elements are removed. Anonymous access is the preferred method of authentication.
Additional detailed instructions can be found here.
Authentication is a security feature that is available in Windows Servers and Clients. The normal authentication is the username and password. But there are several technologies that make this happen. NTLM, Windows, IIS, and SharePoint. Pass through authentication in SharePoint involves just signing on once, with the username and password, and letting the authentication technology push the authentication from one service to the next.
This post is part of the series: SharePoint - How It Works and What It Does
SharePoint is a collaborative program designed for document and project management across an enterprise. It is a browser based application which can be used to create websites for internal and external business operations.