New in SharePoint 2010 is claims-based authentication. This opens up a whole new world of authentication possibilities. You are no longer limited to just AD, LDAP or ASP.NET membership. One of the options now available with claims-based authentication is Windows Live ID.
Why would you want to use Windows Live ID on SharePoint? It can reduce maintenance and administrative overhead for extranets or public-facing web sites. You no longer have to worry about creating and maintaining another user account store, and you don’t have to deal with password reset issues. This option also enables millions of existing account holders to easily log into your SharePoint environment without having to sign up for and remember one more account.
While researching methods for using Windows Live ID with SharePoint 2010 I ran across the following web sites:
Wictor Wilen’s blog – Visual Guide to Windows Live ID authentication with SharePoint 2010
Each of the articles provides the basic information on configuring Windows Live ID with SharePoint 2010; however, a few details were left out. Below are a few pointers as you work to get Windows Live ID working with your SharePoint environment:
- You must first test your implementation of claims-based authentication using the Microsoft Windows Live ID internal environment (WLID-INT). Once you have your SharePoint environment working with WLID-INT you can migrate it to the production WLID environment.
- When testing your implementation on WLID-INT you must use a new user account created in the WLID-INT system. You cannot use an existing production Windows Live ID account for testing. You must also ensure that you create an account with the extension @hotmail-int.com. Failure to do this will cause Windows Live ID authentication to time out and not redirect to your site.
- Your test SharePoint environment does not need to be accessible via the Internet for claims-based authentication with WLID-INT to work. You just need to ensure that the users testing the environment can properly resolve the fully qualified domain name (FQDN) being used.
- You will only receive the passport unique identity (PUID) for the authenticated user. You will not have access to their name, email or any other personal information. If you require that information, you will need to ensure that your users are required to complete their SharePoint user profile prior to providing them permissions to your site.
- The SharePoint web application must be created with both claims-based authentication and SSL enabled. You can use a self-signed certificate for testing.
- You don’t need to purchase a third-party solution to enable Windows Live ID support with SharePoint 2010.
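
The pointers above can be turned into a quick pre-flight check before you start troubleshooting a WLID-INT sign-in. The script below is an added example, not code from the referenced articles; the web application URL and the test account name are hypothetical placeholders, and it is written for the PowerShell 2.0 shell that ships with SharePoint 2010.

```powershell
# Added example: pre-flight checks for a WLID-INT test setup.
# Run in the SharePoint 2010 Management Shell on a farm server.
param(
    [string]$WebAppUrl   = "https://extranet.example.com",  # hypothetical FQDN, replace
    [string]$TestAccount = "sptest@hotmail-int.com"         # hypothetical WLID-INT account
)

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Small helper so every check produces the same record shape.
function New-Check([string]$Name, [bool]$Pass) {
    New-Object PSObject -Property @{ Check = $Name; Pass = $Pass }
}

function Test-WlidIntReadiness([string]$Url, [string]$Account) {
    $uri = [System.Uri]$Url

    # The web application must have been created with claims-based authentication.
    $wa = Get-SPWebApplication -Identity $Url -ErrorAction SilentlyContinue
    New-Check "Web application found" ($wa -ne $null)
    New-Check "Claims-based authentication enabled" `
        ($wa -ne $null -and $wa.UseClaimsAuthentication)

    # The web application must be served over SSL (a self-signed certificate is fine for testing).
    New-Check "URL uses https" ($uri.Scheme -eq "https")

    # Internet exposure is not required, but the FQDN must resolve.
    # This tests resolution from the machine running the script; repeat it
    # on a tester's workstation, since that is where the redirect lands.
    $resolved = $false
    try { $resolved = ([System.Net.Dns]::GetHostAddresses($uri.Host).Length -gt 0) } catch { }
    New-Check "FQDN '$($uri.Host)' resolves" $resolved

    # WLID-INT only accepts accounts created in WLID-INT with this extension;
    # anything else leads to the time-out described above.
    New-Check "Test account ends with @hotmail-int.com" `
        $Account.ToLower().EndsWith("@hotmail-int.com")
}

Test-WlidIntReadiness $WebAppUrl $TestAccount |
    Select-Object Check, Pass |
    Format-Table -AutoSize
```

Any row with `Pass` set to `False` corresponds to one of the pointers in the list and should be fixed before you look at the token issuer configuration itself.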