Chapter 15. Authentication and Authorization
Authentication and authorization are components common to all Web applications. Authentication is the process of ensuring that users are who they say they are, usually by looking up their account with a username and password combination. Authorization is the process of checking the specific rights that indicate what a user can or cannot do within the provided context. Even in anonymous Web sites, the Web server authenticates users using a special anonymous user account that has been granted specific privileges.
SharePoint sites — specifically, Publishing sites — are no different. SharePoint relies on ASP.NET 2.0 for authentication, using the ASP.NET 2.0 authentication provider model. Internally, it handles the authorization piece with its own collection of components.
This chapter covers the details of the various components applicable to SharePoint security, as well as the process of customizing the ASP.NET 2.0 authentication provider model to replace the default Windows authentication that SharePoint sites use with a custom provider, such as a Microsoft SQL Server database. In addition, some Publishing-specific security and permissions aspects are covered.