Thanks for checking out part two of my three part blog series on the integration between SharePoint and Sitecore. If you missed last weeks post on my introduction to the topic, you should definitely check it out.
Last time, I gave a pretty quick and high level overview of what "integration" means for SharePoint and Sitecore. There are three types of integration between the two enterprise platforms; page-level, item-level and API integration. For a developer like myself, this is very exciting as the API integration really opens the world for us when creating solutions to extract content between both content management sysems.
In this post I am going to outline the authentication scenarios when integrating the two platforms together.
Which authentication methods are supported?
Both platforms support various types of authentication. Sitecore a bit more robust as it supports it's default Sitecore membership provider, AD providers, Microsoft CRM Provider, Federated, Virtual users as well as custom providers using ASP.NET membership provider. Sharepoint itself supports Claims-based, Windows authentication, FBA and SAML token-based authentication.
Sitecore SPIF uses network credentials of the current security. The API uses a class called CredentialCache.DefaultNetworkCredentials, but because of how it provides credentials, the default credentials cannot be used for SharePoint environments that use claims-based authentication...
Below are the authentication methods you can use between Sitecore and SharePoint given the following scenarios.
If SharePoint is configured for Classic-mode authentication
- Windows Authentication
- SAML token-based
- Not available
If SharePoint is configured for Claims-based authentication
- Windows Authentication
- SAML token based
- ADFS 2.0 - this greatly simplifies access to applications with an open and interoperable claims-based model. ADFS 2.0 is a redesign Federation Service that supports WS-Trust, WS-Federation and SAML protocols.
If SharePoint Online
- Windows Azure Active Directory
- SharePoint online is an Office 365 service so we must use the authentication service provided by Microsoft (Windows Azure AD).
- Authentcation is done using SharePointOnlineCredentials object in the CSOM framework for SharePoint.
- Can also be configured to use single sign on.
Instead of overwhelming you with the authentication configuration and integration of this, I am hoping to just shed some light on the authentication possiblities between the two platforms. My next blog post will be a deep dive into the architecture. I am going to talk about what the overall architecture looks like and also provide some examples of functionality that you can look forward to by integrating these two platforms together.
I would like to reiterate that this blog post is a means of providing high-level information to anyone interested in the integration scenarios between Sitecore and SharePoint. It would be much too complicated to try and explain exactly how the authentication works and how it would be configured. If you are interested, you can read through the "SharePoint Connect Developers Cookbook A4" on the Sitecore Developer site.