Security and Identity Management Considerations for Application Development "From the Trenches"
There are a number of security, identity management and authentication considerations when developing custom applications and related features in SharePoint 2013, Office 365, SharePoint Online and Microsoft Azure.
You should always keep in mind SharePoint 2013’s “claims first” authentication architecture during your development as well as in discussions with the business about their custom requirements.
Because SharePoint 2013’s user authentication is based on claims, authenticating a user results in the creation of a claims token, which tracks name-value pairs related to the token subject. These claims tokens are stored in memory using the FEDAUTH token format.
Overview of App Authentication
SharePoint 2013’s app authentication is supported in CSOM as well as at REST API endpoints, but it is not supported for custom web services. SharePoint 2013 uses three types of app authentication, as follows: