- WSS v3 has replaced the ISAPI filter STSFLTR.DLL with a HTTP Handler now allowing full support of Forms-based authentication. Developers can even store the authentication table within SharePoint and have SharePoint call a list in itself to authenticate people. The change allows full support for ASP.NET 2.0 pluggable authentication methods. The use of handlers will allow more scalability in the future as other authentication methods arise...maybe OpenID
- Administrators can now set authentication at a Zone level allowing different set of people to authenticate via different vehicles and access the same content database. This definitely comes into play if you want an extranet and an intranet from the same content.
- Integrated Windows Authentication is the default provider for new web applications.
- The biggest enhancement in the authentication realm is Elevation of privileges using SPSecurity.RunWithElevatedPrivileges and SPSecurity.CodeToRunElevated. This allows the executing process to run using the Application Pools identity.
Thursday, January 03, 2008
Installment 1: Authentication - Tips from MindSharp SharePoint Developer Training