Showing posts with label Smart Card. Show all posts

Sunday, May 03, 2009

Results Show: SharePoint Saturday DC

Dan and Joel talk about SmartCards

The most recent iteration of the SharePoint Saturday franchise, SharePoint Saturday DC, was held yesterday at the Microsoft Technology Center in Reston, Virginia. The day went very well, thanks to Dux Raymond Sy and his team of event coordinators, volunteers, and sponsors! Over 200 people were there; most of the sessions were packed, and a few were standing room only!

There were a variety of session topics, including Dan Lewis's Social Computing talk, Tom Resing's Business Data Catalog presentation, and Jonathan Distler's overview of Arlington County, Virginia's SharePoint pilot. All-in-all, there were twenty-eight sessions plus an open "Ask the Expert" discussion in the lobby.

Dan Usher and I presented our talk SmartCard Authentication: Considerations, Options, and Pitfalls with SharePoint during the last session of the day, 4:45-5:45. Surprisingly, we still had the energy in us to have a lively discussion about security, SmartCards, and how they fit into a SharePoint implementation.

View the slides on SlideShare or download the PowerPoint file (PPT or PPTX) which includes the slides plus notes and resource links.

Slide deck

View online (slides only):
  • SlideShare

View PowerPoint (slides + notes/resources):
  • PowerPoint 2003 (PPT)
  • PowerPoint 2007 (PPTX)

A video of our talk may be made available at some point, and I'll post it here if it is.

Tuesday, April 21, 2009

Speaking at SharePoint Saturday DC

In recent months there has been a series of interesting free weekend events called SharePoint Saturdays centered around the topic of--what else--SharePoint! Well, SharePoint Saturday is coming to the Washington, DC, area!

Dan Usher and I are scheduled to present together on the topic of smart card authentication with SharePoint 2007. The talk is entitled SmartCard authentication: Considerations, options and pitfalls. Oh my!
With the ever present risks of data integrity and non-repudiation, several organizations have begun to utilize smartcards for authentication to systems. With the greater number of SharePoint instances being stood up within organizations, ensuring the smartcards can be used to access data is key. In this session, we'll discuss smartcard authentication, considerations when determining the appropriate architecture, options for integration with different authentication providers and implementation pitfalls.
There are a few different ways you can integrate smart cards (or other two factor authentication) into a SharePoint instance. We'll talk about the various methods, including the option of using a custom membership provider.

There is a special food drive going along with the event. Check out Dux Raymond Sy's explanation on the SharePoint Saturday DC website.

Wednesday, January 28, 2009

Custom Smart Card Authentication and SharePoint

One of the great new features of SharePoint 2007 was the ability to utilize multiple means of user authentication: Active Directory, LDAP, SQL, and more. This is nothing new, and since the advent of MOSS 2007/WSS 3.0 the use of non-AD authentication via Membership Providers has been well documented.

What if you need to use PKI (Public Key Infrastructure) certificates and/or Smart Cards (like Common Access Cards, aka CAC)? There are a few ways to do this, depending on how the user certificates need to map to your account store. If you use Active Directory, there are built-in ways to map certificates to users and have IIS handle the handshake. Or you can use a third-party system or SSO. Both approaches assume you have a defined user directory and pre-defined certificate mappings.

But what if you need to accept PKI/Smart Cards, but do not have a master user directory (AD, LDAP) of everyone who will attempt to access the site?

The Concept:
  • Use a custom ASP.NET Membership provider to accept and read PKI certificates (using IIS)
  • Create and login to a NEW account (AD, LDAP, SQL)
  • Forward the user to the SharePoint site.
Very similar to this idea from Adam Buenz.

Easy? We shall see.
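
A minimal sketch of the three steps in the concept above, added here as an example and not the author's code. It assumes IIS is set to require SSL client certificates, the forms-authentication zone uses a membership provider configured with requiresQuestionAndAnswer="false", and `CertLoginHandler` and the issuer thumbprint placeholder are hypothetical names.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Web;
using System.Web.Security;

// Hypothetical login handler for the forms-auth zone (name is an assumption).
public class CertLoginHandler : IHttpHandler
{
    // Placeholder: thumbprint of the issuing CA you trust (not from the post).
    const string TrustedIssuerThumbprint = "REPLACE_WITH_TRUSTED_CA_THUMBPRINT";

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // Step 1: read the certificate IIS negotiated during the SSL handshake.
        HttpClientCertificate presented = context.Request.ClientCertificate;
        if (!context.Request.IsSecureConnection || !presented.IsPresent || !presented.IsValid)
        { Deny(context); return; }

        X509Certificate2 cert = new X509Certificate2(presented.Certificate);
        if (!ChainsToTrustedIssuer(cert)) { Deny(context); return; }

        // Step 2: create the account on first sight. Key it on the thumbprint,
        // because a subject name is not unique across issuers.
        string userName = "cert-" + cert.Thumbprint.ToLowerInvariant();
        if (Membership.GetUser(userName) == null)
        {
            // Random password, never disclosed: the certificate is the only credential.
            Membership.CreateUser(userName, Membership.GeneratePassword(32, 8));
        }

        // Step 3: issue the forms ticket and forward to the configured default URL.
        FormsAuthentication.SetAuthCookie(userName, false);
        context.Response.Redirect(FormsAuthentication.DefaultUrl);
    }

    static bool ChainsToTrustedIssuer(X509Certificate2 cert)
    {
        X509Chain chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online; // reject revoked cards
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
        if (!chain.Build(cert)) return false;
        foreach (X509ChainElement element in chain.ChainElements)
            if (string.Equals(element.Certificate.Thumbprint, TrustedIssuerThumbprint,
                              StringComparison.OrdinalIgnoreCase)) return true;
        return false;
    }

    static void Deny(HttpContext context) { context.Response.StatusCode = 403; }
}
```

Because anyone holding a certificate from the trusted issuer gets an account, newly created users should hold no SharePoint permissions until someone grants them. A reissued card has a new thumbprint and would map to a new account under this scheme.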