SharePoint Extranet Security, Authentication, And More

Most SharePoint solutions, including those provided by SharePoint consulting firms, are developed to provide an intranet. Internal networks are, in turn, a safer place to provide the integration capabilities and collaboration that organizations want for their businesses and employees, among others.

However, there are two other use cases for SharePoint that people do not pay attention to: extranets, also known as portals, which give employees the same SharePoint capabilities for working with customers; and public websites, which let your website use SharePoint's content management capabilities for easy and quick changes.

Intranets are not accessible to the outside world, although they can be made accessible upon request. Extranets, by contrast, are required to be available to the outside world. More often than not, this raises some security questions.

Active Directory domain controllers

It is a given that your SharePoint farm will need Active Directory; the issue is how it communicates with AD. Active Directory uses random ports, and you have to alter its configuration to make it use specific ports. Using random ports has some security benefits, but it affects how the firewall behaves.

Application Security / SharePoint platform security

Software vulnerabilities arise in different ways. For some period, many developers did not keep track of where data started and ended, and this created an opening for attackers to place malicious data in any location and then execute it.

This was the main source of vulnerabilities, and it was known as a buffer overflow. When Microsoft recognized this issue, they solved the problem by creating managed code, which handles data carefully, so the developer doesn’t need to track the data from where it begins to where it ends.

Currently, SQL injection is one of the common vulnerabilities. It occurs when developers trust users to enter safe data, but users enter data that gets executed by the SQL database engine. This issue is quite prevalent, although Microsoft has provided methods to avoid such scenarios.
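The failure described above, shown beside its fix, as an added example that is not from the original article. Python's sqlite3 stands in for the SQL database engine, and the documents table, its rows and the function names are constructed for illustration. It goes slightly beyond the text by also allow-listing the sort column, since column names cannot be passed as bound parameters.

```python
import sqlite3

# Constructed sample data: a hypothetical extranet document table.
ROWS = [
    ("contract.docx", "alice", "customer-a"),
    ("pricing.xlsx", "bob", "customer-b"),
    ("roadmap.pptx", "carol", "internal"),
]
# Allow-list of sortable columns: identifiers cannot be bound as parameters.
SORTABLE = {"title", "owner"}


def make_db():
    """Build an in-memory database holding the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE documents (title TEXT, owner TEXT, audience TEXT)")
    db.executemany("INSERT INTO documents VALUES (?, ?, ?)", ROWS)
    return db


def find_unsafe(db, audience):
    # Vulnerable: user input is pasted into the SQL text, so the engine
    # parses whatever the user typed as part of the statement.
    sql = "SELECT title FROM documents WHERE audience = '" + audience + "'"
    return [row[0] for row in db.execute(sql)]


def find_safe(db, audience, sort_by="title"):
    # Hardened: the value travels as a bound parameter and is only ever
    # compared as data; the column name is checked against the allow-list.
    if sort_by not in SORTABLE:
        raise ValueError("unsupported sort column")
    sql = f"SELECT title FROM documents WHERE audience = ? ORDER BY {sort_by}"
    return [row[0] for row in db.execute(sql, (audience,))]


if __name__ == "__main__":
    db = make_db()
    crafted = "customer-a' OR '1'='1"  # constructed input
    print("concatenated query:", find_unsafe(db, crafted))
    print("parameterized query:", find_safe(db, crafted))
```

With the constructed input, the concatenated query returns every row in the table, while the parameterized query treats the whole string as an audience name and returns nothing.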

SharePoint code follows best practices, and it controls many platforms, which strengthens its security and makes the SharePoint application code rock solid.


Internally, SharePoint communicates with its servers and service applications using claims. The moment you try to get search results, you become a claim. In its default configuration, SharePoint uses claims-based authentication with Integrated Windows authentication to convert your Windows authentication into a claim.

Externally, users can configure a trusted identity provider to authenticate to SharePoint using the Security Assertion Markup Language (SAML) protocol. In this case, the provider gives SharePoint a claim, so the built-in security token service is not used.