Archive

Posts Tagged ‘Authentication’

Using LiveID with SharePoint

Managing users and user profiles on a public or community site running SharePoint is often a pain in the ass. Luckily some creative developers have created an authentication provider for SharePoint which authenticates users with Microsoft LiveID. I’ve tried different solutions, but the extended version of CKS:LiveID developed by Wictor Wilén seems to be the best to use and easiest to install and configure.

How to get started? Well, in short terms:

  • Download the Live Authentication Provider from Codeplex.
  • Register a LiveID authentication service at Microsoft Azure.
  • Install and configure the LiveID authentication provider according to the documentation provided with the solution file.
  • Add users and user permissions to your site, and…
  • Off you go!

    Please note that the authentication provider requires outbound http and https traffic (web services). If you use a proxy, please make sure you add the appropriate proxy settings in the web.config file!

    See also Wictor’s blog post on the solution.

    The DNN-approach

    Another approach is to use the LiveID integration provided with the DotNetNuke (DNN) framework. With some additional modules, it’s possible to use DNN as an authentication and user management front-end to SharePoint. This makes a great authentication provider and self-service user management solutions, especially since the modules for DNN is free and highly customizable.

    N’Joy!

    Advertisements

    Kerberos authentication and NLB clusters

    November 24, 2008 Leave a comment

    When you use Kerberos as the authentication mechanism with Sharepoint and want to configure NLB for load balanced front-end servers you will have to configure an extra SPN for the NLB cluster name. This is caused by the fact that Kerberos uses the hostname as a part of the Kerberos Ticket request, even if the URL used is something different. This is described in detail in Microsoft KB929650.

    With the following scenario, set the SPN names accordingly:
    NLB server A: SPServerA.MyDomain.com
    NLB server B: SPServerB.MyDomain.com
    NLB Cluster Name: SPNLB.MyDomain.com
    Web Application Account: MyDomain\SharepointApp

    SPN commands for NLB with Kerberos for the described scenario:
    setspn.exe /A HTTP://SPServerA.MyDomain.com MyDomain\SharepointApp
    setspn.exe /A HTTP://SPServerB.MyDomain.com MyDomain\SharepointApp
    setspn.exe /A HTTP://SPNLB.MyDomain.com MyDomain\SharepointApp

    Please note that all computer and application accounts must be enabled as trusted for delegation!

    N’Joy!

    %d bloggers like this: