Microsoft Office Tutorials and References
In Depth Information
Service Connections Service applications available for the SharePoint farm are made
available to a web application using service connection groups. The default is to have all service
connections selected, but you can choose to make only certain service applications available
to a web application while you’re creating it by choosing [custom] (not sure why it has the
brackets, but it does) in the Group Of Connections list. This will make it possible to uncheck
the service applications you don’t want the web application to have access to.
So, this settings form for service connections lets you change the selected service applications
(Figure 11.9) associated with the web application. It thus gives you a chance to change your
mind about what service applications to associate with the web application and is simply a
good place to see what service applications are associated.
Service applications were initially enabled in Chapter 3 and covered a little more in-depth later
in this chapter. The Business Data Connectivity Service in particular is covered in Chapter 16.
Authentication Providers This setting is demonstrated in Chapter 3’s SharePoint server
farm installation and covered extensively in Chapter 10. In addition, it’s also available in
Security General Security Specify Authentication Providers.
Each web application is accessed by users using a certain authentication method (or, in
some cases, several). Users must be authenticated by an outside authentication provider
(SharePoint gives authorization to accounts already authenticated by an authentication
provider). Usually SharePoint uses a Windows integrated provider, like Active Directory.
From there the authentication method could be NTLM or Kerberos. SharePoint also supports
forms-based authentication, which uses a database (other than Active Directory’s LDAP) to
authenticate users. This is useful if you want to have a list of users accessing content but don’t
want to add them to Active Directory. Forms-based authentication requires a membership
provider and a role manager name.
For this version of SharePoint, which is trying to be more flexible with authentication, there
are two primary ways to set up authentication—Classic, which basically assumes you are
doing Windows Authentication and lets you choose from the standard IIS authentication
type options; Basic (used by mobile devices), NTLM (preferred by the Search service), and
Kerberos (negotiate; harder to set up than the other two but more secure). And Claims-based
authentication. Claims-based authentication can require a fair amount of setup outside the
SharePoint GUI, but it is the one that supports forms-based authentication (and surfaces the
fields for the membership provider and role manager). Claims-based authentication can be
used to extend the capabilities of standard authentication with extra requirements, by
specifying either a non-AD source for authentication data or extra data in AD to further narrow