Tuesday, April 12, 2011

Change SharePoint authentication from classic mode to claims based

Recently I needed to enable forms authentication for a SharePoint web application that was configured with classic mode authentication. The solution for me was to change the authentication mode to claims based.
Caution: Note that once you have migrated the authentication provider to claims based, you cannot revert it.
(In the 2007 version, the option was to extend the web application on the same content database and enable forms authentication, but there was always some trouble, as I needed to deploy the DLL to the bin folder in both web applications, original and extended. There were also other problems deploying smart parts.)
In Central Administration, I checked the authentication provider, and it showed my current authentication provider as Windows.
Now I am going to change my authentication provider. To do this, you need to use Windows PowerShell.
From the Start menu, go to
All Programs -> SharePoint 2010 Products -> SharePoint 2010 Management Shell
The PowerShell window opens.
Execute the following commands:
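# URL of the web application to convert and the account that will administer it
$WebAppName = "http://win-hgdsnnuakhv"
$account = "WIN-HGDSNNUAKHV\Administrator"
$wa = Get-SPWebApplication $WebAppName
# Switch the Default zone to a claims-based (Windows) authentication provider
Set-SPWebApplication $wa -AuthenticationProvider (New-SPAuthenticationProvider) -Zone Default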
When you execute this command, a confirmation message appears on the screen.
Type Y to confirm.
After the command has executed successfully, check the authentication provider in Central Administration; it will now show “claims based authentication”.
Now execute the following commands.
  • set the user as an administrator for the site
$wa = get-SPWebApplication $WebAppName
$account = (New-SPClaimsPrincipal -identity $account -identitytype 1).ToEncodedString()
  • configure the policy to enable the user to have full access
$zp = $wa.ZonePolicies("Default")
$p = $zp.Add($account,"PSPolicy")
$fc=$wa.PolicyRoles.GetSpecialRole("FullControl")
$p.PolicyRoleBindings.Add($fc)
$wa.Update()
  • perform user migration
$wa = get-SPWebApplication $WebAppName
$wa.MigrateUsers($true)
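A read-only check to run in the same management shell after the steps above, added here as an example and not part of the original post: it confirms the web application reached claims mode and lists the Default zone policies so the Full Control grant can be reviewed. The function name Get-ZonePolicyReport and the test for claims-encoded names (presence of "|") are assumptions of this example.

```powershell
# Added example: audit the web application after the migration (read-only).
# URL and account are the values used on this page.
$WebAppName = "http://win-hgdsnnuakhv"
$account    = "WIN-HGDSNNUAKHV\Administrator"

# Hypothetical helper: one row per user policy in a zone, with its bound roles.
function Get-ZonePolicyReport {
    param($WebApp, [string]$Zone = "Default")
    foreach ($policy in $WebApp.ZonePolicies($Zone)) {
        $types = @($policy.PolicyRoleBindings | ForEach-Object { $_.Type.ToString() })
        New-Object PSObject -Property @{
            UserName     = $policy.UserName
            DisplayName  = $policy.DisplayName
            Roles        = ($types -join ", ")
            FullControl  = ($types -contains "FullControl")
            # Heuristic (assumption): encoded claims contain "|", classic names do not.
            ClaimsFormat = ($policy.UserName -like "*|*")
        }
    }
}

$wa = Get-SPWebApplication $WebAppName

# 1. The switch is one-way, so confirm the state that was actually reached.
if (-not $wa.UseClaimsAuthentication) {
    Write-Warning "$WebAppName is still in classic mode."
}

# 2. List every policy entry in the Default zone.
$report = @(Get-ZonePolicyReport -WebApp $wa)
$report | Format-Table UserName, DisplayName, Roles, FullControl, ClaimsFormat -AutoSize

# 3. Web application policies apply across all site collections of the web
#    application, so every Full Control entry should be an expected account.
$expected = (New-SPClaimsPrincipal -Identity $account -IdentityType 1).ToEncodedString()
$match = @($report | Where-Object { $_.UserName -eq $expected -and $_.FullControl })
if ($match.Count -eq 0) {
    Write-Warning "No Full Control policy found for $account ($expected)."
}

# 4. Entries still stored under a classic name deserve a second look.
$report | Where-Object { -not $_.ClaimsFormat } | ForEach-Object {
    Write-Warning "Policy entry not claims-encoded: $($_.UserName)"
}
```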
Reference: http://technet.microsoft.com/en-us/library/gg251985.aspx and http://weblogs.asp.net/sreejukg/archive/2011/03/25/change-sharepoint-authentication-from-classic-mode-to-claims-based.aspx
