Welcome to Part II of SharePoint 2013 SharePoint Claims Infrastructure. Previously in Part I, I wrote about the Distributed Cache Service and how it has helped revolutionize the authentication model in SharePoint 2013 by allowing for active load balancing in the farm as it pertains to authentication. In Part II, I focused on OAuth and SharePoint Apps as they relate to SharePoint 2013 authentication and discussed the benefits that we’re starting to see with claims-based authentication.
In this post, I want to look at SharePoint 2013 Search and talk a little about how it’s affected by claims. A point I want to make is that I haven’t yet tested SharePoint 2013 with a custom Identity Provider (like ADFS), so I can’t say whether SharePoint 2013 Search supports crawling a web application that doesn’t have NTLM authentication enabled. I’m not going to speculate here either, but stay tuned!
However, Search in SharePoint 2013 is fully claims aware, meaning that it supports claims from all connectors, not just SharePoint. Specifically, Business Connectivity Services (BCS) provides the ability to surface claims information from the model directly into SharePoint 2013 and (consequently) search to support security trimming. Previously, BCS did not have this capability. If you wanted to surface claims information in SharePoint 2010 BCS, you had to map it to a Windows NT Access Control List (ACL) or implement custom security trimming to ensure users weren’t seeing items they didn’t have access to.
Claims has its hands in a lot of pots this time around in SharePoint, and I wouldn’t be surprised if a solution for non-NTLM authentication existed in the 2013 crawler. Check in soon for the final installment of this series: Server to Server (S2S) Authentication.