Secret SharePoint: The Case of the Authentication Prompts
29 May 2018
Everyone wants to make sure that their information is safe, and password prompts are a part of that process. However, those prompts can become excessive and annoying if they feel like they’re happening every 30 seconds. Here are some strategies to eliminate unnecessary authentication prompts for good.
Solution 1: Set the Browser to Submit Credentials
Internet Explorer will automatically submit your login credentials if it believes that the site you’re contacting is on the intranet – that is, that it should be trusted. As a quick guideline, Internet Explorer lets you rely on some general rules: network shares are OK, and sites that bypass the corporate proxy server are OK as well. (A proxy server typically sits between the user and the internet, so sites that bypass the proxy server are likely internal.) More importantly, however, Internet Explorer allows you to specify the servers to which it should transparently (automatically) transmit your credentials.
The good news is that, if you use Chrome rather than Internet Explorer, Chrome utilizes these same settings to determine whether to transmit your credentials or not – so you can set them in one place and get the benefits in either Internet Explorer or Chrome.
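As an added example (not from the original article), the PowerShell below maps one specific HTTPS host into the current user's Local intranet zone and then lists the existing mappings, flagging any that apply to plain http or to every scheme, since those widen where credentials are sent automatically. The host sharepoint.contoso.com and the function names are placeholders chosen for illustration.

```powershell
# Added example: per-user Local intranet zone mapping (zone 1) for one HTTPS host.
# 'contoso.com' and 'sharepoint' are placeholders; substitute your own server.
$ZoneMap = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

function Add-IntranetSite {
    param(
        # Letters, digits, dots and hyphens only, so no wildcard can be added by mistake.
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9.-]+$')][string]$Domain,
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9-]+$')][string]$HostLabel
    )
    $key = Join-Path (Join-Path $ZoneMap $Domain) $HostLabel
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # The value name is the scheme; the data is the zone number (1 = Local intranet).
    New-ItemProperty -Path $key -Name 'https' -Value 1 -PropertyType DWord -Force | Out-Null
}

function Get-ZoneMapEntry {
    # Walk every key under ZoneMap\Domains and report each scheme-to-zone mapping.
    Get-ChildItem -Path $ZoneMap -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        foreach ($scheme in $key.GetValueNames()) {
            $zone = $key.GetValue($scheme)
            [pscustomobject]@{
                Key    = $key.Name.Substring($key.Name.IndexOf('Domains\') + 8)
                Scheme = $scheme
                Zone   = $zone
                # Intranet mappings for cleartext http or for all schemes ('*') deserve a second look.
                Review = ($zone -eq 1) -and ($scheme -in '*', 'http')
            }
        }
    }
}

Add-IntranetSite -Domain 'contoso.com' -HostLabel 'sharepoint'
Get-ZoneMapEntry | Format-Table -AutoSize
```

This covers only the per-user setting; keep the list limited to named HTTPS servers you control.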
Solution 2: Implement Claims Authentication
It used to be that every web server authenticated users individually. The server needed to know the user and how to authenticate them. Whether this was done natively via IIS (Internet Information Server) on a Windows server or via LDAP (Lightweight Directory Access Protocol) wasn’t important. What was important was that the server had to do the “heavy lifting” of verifying the user. This meant that each time you went to a new web server, you would have to be reauthenticated.
However, the distributed nature of our world today has shifted the burden from the web server to a service that provides authentication support. The web server trusts the server providing authentication to properly validate the user. The power of this new approach is that the process of authenticating users can be distributed across organizations. For instance, Microsoft can authenticate Microsoft employees and Contoso can authenticate Contoso employees.
There’s also an added benefit. Once a user has authenticated to the server managing authentication, that server can tell multiple web sites about the authentication – without prompting the user again.
Setting up a claims identity server is more than can be covered in a page or two of instruction. If you’re interested in getting some help, you can reach out via the contact us page, and we’re happy to talk to you about what an engagement might look like.
About the Author
Robert Bogue is a thought leader on all things SharePoint and an engaging presenter who speaks at events around the world. Rob has been awarded the Microsoft MVP designation fourteen times and earned recognition as a Microsoft patterns & practices Champion. Rob holds certifications from Microsoft: MCPD, MCITP, MCTS, MCSA: Security, MCSE, as well as CompTIA: A+, Network+, Server+, I-Net+, IT Project+, E-Biz+, CDIA+. Rob also served as a team member for the SharePoint Guidance. He is the author of 25 books. Robert is committed to “making the complicated simple.” Find out more about SharePoint made simple at www.SharePointShepherd.com and get all the SharePoint secrets and more by visiting www.ThorProjects.com/content. You can also contact Rob at Rob.Bogue@ThorProjects.com.