Claim Based Authentication in SharePoint 2013

  • Question

  • I am running a public-facing website in SharePoint 2013 and using claims-based authentication. As far as my user ID and password are concerned, does SharePoint 2013 NTLM provide me security to secure my password, or would you recommend that I use HTTPS for my website?

    My concern is just to secure passwords for all authenticated users who are logging in to my public website.

    Rahim

    Monday, November 2, 2015 12:35 PM

Answers

  • Hi Molvani,

    Well, both provide secure communication between the server and client.

    Kerberos and NTLM are authentication methods to validate the user so they can get access to the site; besides, they do not encrypt the traffic over the wire, whereas SSL is an encryption standard for creating a secure connection and encrypted traffic between the client and the server.

    In order to protect the credentials (use of encryption), I suggest using SSL in your case.

    By the way, you can also use Kerberos with SSL if you want to.

    Thanks

    Wednesday, November 4, 2015 5:45 AM
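
One way to check a site for the point made in the answer above (NTLM and Kerberos authenticate the user but do not encrypt the connection), as an added example that is not part of the original thread: it classifies recorded HTTP responses by whether the authentication challenge arrived over HTTPS. The host name, sample responses and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Schemes a web server may advertise in WWW-Authenticate challenges.
AUTH_SCHEMES = ("ntlm", "negotiate", "basic", "digest")

def offered_schemes(headers):
    """Auth schemes named in WWW-Authenticate challenge headers, in order seen."""
    found = []
    for name, value in headers:
        if name.lower() != "www-authenticate" or not value.strip():
            continue
        token = value.split()[0].lower()  # "Basic realm=..." -> "basic"
        if token in AUTH_SCHEMES and token not in found:
            found.append(token)
    return found

def audit(url, status, headers):
    """Classify one recorded response by whether its login challenge had TLS."""
    over_tls = urlsplit(url).scheme.lower() == "https"
    if status in (301, 302, 307, 308):
        location = next((v for k, v in headers if k.lower() == "location"), "")
        upgraded = location.lower().startswith("https://")
        return "redirect-to-https" if upgraded else "redirect-other"
    schemes = offered_schemes(headers) if status == 401 else []
    if not schemes:
        return "no-challenge"
    prefix = "tls-challenge" if over_tls else "cleartext-challenge"
    return prefix + ":" + ",".join(schemes)

# Constructed sample responses (hypothetical host, not taken from the thread).
SAMPLES = [
    ("http://portal.example.com/", 401,
     [("WWW-Authenticate", "NTLM"), ("WWW-Authenticate", "Negotiate")]),
    ("https://portal.example.com/", 401,
     [("WWW-Authenticate", "Negotiate"), ("WWW-Authenticate", "NTLM")]),
    ("http://portal.example.com/", 302,
     [("Location", "https://portal.example.com/")]),
]

def report(samples=SAMPLES):
    """Return (url, verdict) pairs for each recorded response."""
    return [(url, audit(url, status, headers)) for url, status, headers in samples]

if __name__ == "__main__":
    for url, verdict in report():
        print(f"{verdict:34} {url}")
```

A `cleartext-challenge` verdict marks an endpoint where the login exchange is not wrapped in TLS, which is the case the answer's SSL recommendation addresses.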

All replies

  • If you are using a public-facing website, i.e. one that goes over networks not wholly owned and trusted, then you should be using HTTPS. That means if it's on the Internet you should be using HTTPS.

    Even on internal networks HTTPS isn't a bad choice in many cases.

    NTLM is not a secure means of passing credentials around anymore; it's just not tough enough to withstand modern cryptanalysis.

    Monday, November 2, 2015 12:44 PM
  • What about Kerberos?

    Should we implement Kerberos instead of HTTPS to secure credentials?

    Thanks

    Rahim

    Tuesday, November 3, 2015 6:11 AM
  • You can configure your web app with Kerberos to have a more secure environment, and if you want to impersonate the user to access resources that are not on the IIS server.

    Find below a good article that will help you to configure it if you want to.

    http://www.sharepointassist.com/2011/02/21/configuring-sharepoint-2010-with-kerberos-authentication/

    Thanks.

    Tuesday, November 3, 2015 7:53 AM
  • Kerberos is only good when user accounts can communicate directly with a Domain Controller, i.e. inside a company's network. Since a KDC is not (and should not be) visible externally, NTLM will be used instead.

    Trevor Seward

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Tuesday, November 3, 2015 2:17 PM
  • Actually, I am running a public-facing website on SharePoint 2013, and my objective is to secure credentials for all my authenticated users. To achieve this objective, is the default NTLM protocol used by claims-based authentication secure, or should I go with HTTPS?
    Wednesday, November 4, 2015 5:08 AM