Change SharePoint authentication from classic mode to claims based

Recently I was in a situation to enable form authentication for a SharePoint web application that was configured using classic mode authentication. So the solution for me is to change the authentication mode to claims based.

Caution: Be noted that once you migrated the authentication provider to claims based, you can not revert it back.

(In 2007 version, the option was to extend the web application on the same content database, and enable form authentication, but there were some troubles always as I need to deploy the dll to bin folder in both web applications, original and extended. Also there were other troubles for deploying smart parts. )

From the central administration, I checked the authentication provider and it is showing my current authentication provider as windows.

clip_image001

Now I am going to change my authentication provider, to do this, you need to use windows powershell.

From the start menu, go to

All Programs -> SharePoint 2010 products -> Sharepoint 2010 Management Shell

clip_image002

The power shell window is opened as follows.

clip_image004

Execute the following commands

$WebAppName = “http://win-hgdsnnuakhv

$account = "WIN-HGDSNNUAKHV\Administrator"

$wa = get-SPWebApplication $WebAppName

Set-SPwebApplication $wa –AuthenticationProvider (New-SPAuthenticationProvider) –Zone Default

When you execute this command, a confirmation message will appear on the screen as follows.

clip_image006

Type Y for confirmation

After the command executed successfully, check the authentication provider from the central administration, it will show “claims based authentication”

clip_image007

Now execute the following commands.

  • set the user as an administrator for the site

$wa = get-SPWebApplication $WebAppName

$account = (New-SPClaimsPrincipal -identity $account -identitytype 1).ToEncodedString()

  • configure the policy to enable the user to have full access

$zp = $wa.ZonePolicies("Default")

$p = $zp.Add($account,"PSPolicy")

$fc=$wa.PolicyRoles.GetSpecialRole("FullControl")

$p.PolicyRoleBindings.Add($fc)

$wa.Update()

  • perform user migration

$wa = get-SPWebApplication $WebAppName

$wa.MigrateUsers($true)

Reference: http://technet.microsoft.com/en-us/library/gg251985.aspx

Published Friday, March 25, 2011 12:04 PM by sreejukg

Comments

# re: Change SharePoint authentication from classic mode to claims based

Monday, March 28, 2011 1:24 AM by Rajesh

Hi,

I have been trying to get this to work on a new web site. I followed all the instructions as in blogs.technet.com/.../configure-forms-based-authentication-fba-with-sharepoint-2010.aspx

But I want the users to be populated from a sql server database rather than IIS. When using the people picker i dont see any name from sql server. can u please assist.

thanks

Rajesh

# re: Change SharePoint authentication from classic mode to claims based

Monday, March 28, 2011 10:39 AM by C. Marius

Isn't easier like this (Use 0 if you want to revert to Windows )??

$webApp = Get-SPWebApplication "http://myWebApp"

$webApp.UseClaimsAuthentication = 1;

$webApp.Update()

# re: Change SharePoint authentication from classic mode to claims based

Tuesday, March 29, 2011 4:00 AM by sreejukg

I never tried this. But I dont think this command will perform all the mentioned steps.

This command may replace the first set of commands mentioned int he article.

# re: Change SharePoint authentication from classic mode to claims based

Thursday, September 8, 2011 5:29 AM by John

Hi,

Thank you very much for this. This ended my week-long headache on our migrated SP.

Cheers

John

# re: Change SharePoint authentication from classic mode to claims based

Friday, September 16, 2011 3:01 AM by Idris

this is super. thanks.

# re: Change SharePoint authentication from classic mode to claims based

Thursday, October 20, 2011 7:01 AM by Adam

This is really helpful!!! Thanks

# re: Change SharePoint authentication from classic mode to claims based

Wednesday, May 2, 2012 10:24 PM by cheap oem software

BuZwol Thanks so much for the blog article. Want more.

# re: Change SharePoint authentication from classic mode to claims based

Wednesday, May 16, 2012 8:17 AM by eLajKppYkQsbbKULmh

FEazWI Major thankies for the blog.Much thanks again. Want more.