Change SharePoint authentication from classic mode to claims based

Friday, March 25, 2011

Sharepoint SharePoint 2010

Recently I was in a situation to enable form authentication for a SharePoint web application that was configured using classic mode authentication. So the solution for me is to change the authentication mode to claims based.

Caution: Be noted that once you migrated the authentication provider to claims based, you can not revert it back.

(In 2007 version, the option was to extend the web application on the same content database, and enable form authentication, but there were some troubles always as I need to deploy the dll to bin folder in both web applications, original and extended. Also there were other troubles for deploying smart parts. )

From the central administration, I checked the authentication provider and it is showing my current authentication provider as windows.

Now I am going to change my authentication provider, to do this, you need to use windows powershell.

From the start menu, go to

All Programs -> SharePoint 2010 products -> Sharepoint 2010 Management Shell

The power shell window is opened as follows.

Execute the following commands

$WebAppName = “http://win-hgdsnnuakhv”

$account = "WIN-HGDSNNUAKHV\Administrator"

$wa = get-SPWebApplication $WebAppName

Set-SPwebApplication $wa –AuthenticationProvider (New-SPAuthenticationProvider) –Zone Default

When you execute this command, a confirmation message will appear on the screen as follows.

Type Y for confirmation

After the command executed successfully, check the authentication provider from the central administration, it will show “claims based authentication”

Now execute the following commands.

set the user as an administrator for the site

$wa = get-SPWebApplication $WebAppName

$account = (New-SPClaimsPrincipal -identity $account -identitytype 1).ToEncodedString()

configure the policy to enable the user to have full access

$zp = $wa.ZonePolicies("Default")

$p = $zp.Add($account,"PSPolicy")

$fc=$wa.PolicyRoles.GetSpecialRole("FullControl")

$p.PolicyRoleBindings.Add($fc)

$wa.Update()

perform user migration

$wa = get-SPWebApplication $WebAppName

$wa.MigrateUsers($true)

Reference: http://technet.microsoft.com/en-us/library/gg251985.aspx

8 Comments

Hi,

I have been trying to get this to work on a new web site. I followed all the instructions as in http://blogs.technet.com/b/mahesm/archive/2010/04/07/configure-forms-based-authentication-fba-with-sharepoint-2010.aspx

But I want the users to be populated from a sql server database rather than IIS. When using the people picker i dont see any name from sql server. can u please assist.

thanks

Rajesh

Rajesh - Monday, March 28, 2011 5:24:02 AM

Isn't easier like this (Use 0 if you want to revert to Windows )??
$webApp = Get-SPWebApplication "http://myWebApp"
$webApp.UseClaimsAuthentication = 1;
$webApp.Update()

C. Marius - Monday, March 28, 2011 2:39:24 PM

I never tried this. But I dont think this command will perform all the mentioned steps.

This command may replace the first set of commands mentioned int he article.

sreejukg - Tuesday, March 29, 2011 8:00:13 AM

Hi,

Thank you very much for this. This ended my week-long headache on our migrated SP.

Cheers
John

John - Thursday, September 8, 2011 9:29:02 AM

this is super. thanks.

Idris - Friday, September 16, 2011 7:01:38 AM

This is really helpful!!! Thanks

Adam - Thursday, October 20, 2011 11:01:54 AM

BuZwol Thanks so much for the blog article. Want more.

cheap oem software - Thursday, May 3, 2012 2:24:58 AM

FEazWI Major thankies for the blog.Much thanks again. Want more.

eLajKppYkQsbbKULmh - Wednesday, May 16, 2012 12:17:32 PM

Comments have been disabled for this content.