Recently I was tasked with setting up claims based authentication on a pre existing web application that was created using classic mode authentication.
When I checked the authentication settings through the UI I discovered that their was no way of changing the authentication method to claims based authentication.
When editing the authentication type the Forms Authentication type was disabled.
On Microsoft's TechNet site I found the following article which outlines instruction on how to change the authentication method through PowerShell.
The PowerShell outlined in the TechNet article is detailed bellow:
$WebAppName = "http://sharepoint"
$account = "<domain>\<username>"
$wa = get-SPWebApplication $WebAppName
Set-SPwebApplication $wa -AuthenticationProvider (New-SPAuthenticationProvider) -Zone Default
$wa = get-SPWebApplication $WebAppName
$account = (New-SPClaimsPrincipal -identity $account -identitytype 1).ToEncodedString()
$zp = $wa.ZonePolicies("Default")
$p = $zp.Add($account,"PSPolicy")
$fc=$wa.PolicyRoles.GetSpecialRole("FullControl")
$p.PolicyRoleBindings.Add($fc)
$wa.Update()
$wa = get-SPWebApplication $WebAppName
$wa.MigrateUsers($true)
Important
- I would recommend taking a backup of the site before applying this PowerShell script.
- It should also be noted that this process is one way and you cannot revert back to using classic authentication
- Read the TechNet article
No comments:
Post a Comment