Enabling or Disabling Claims Based Authentication

July 23, 2010 8 Comments

If you have already provisioned a Web Application then it may not be immediately obvious how to change the authentication over to Claims (or revert back to Classic) as this cannot be done within the GUI and can only be done within PowerShell.

Note : To do this you will need to load PowerShell and the SharePoint 2010 snap-in.

To Enable Claims :

$webApp = Get-SPWebApplication "http://webapplicationurl"
$webApp.UseClaimsAuthentication = 1;
$webApp.Update()

And to revert back to Classic mode authentication just change the 1 to a 0 :

$webApp = Get-SPWebApplication "http://webapplicationurl"
$webApp.UseClaimsAuthentication = 0;
$webApp.Update()

Fairly easy, but not immediately obvious 🙂

Advertisement

Filed under SharePoint Tagged with , , ,

8 Responses to Enabling or Disabling Claims Based Authentication

  1. sergio says:
    August 19, 2010 at 8:52 pm

    Hello,

    I just enabled the claims auth. and then revert to classic auth. and now when i try to change the user logged in (sign in with a different user) it gives an “Unexpected error”……

    Can you help me please?

    Reply
  2. marijnsomers says:
    August 30, 2010 at 7:52 pm

    Marc,
    You can also use True or False instead of 0 or 1.

    Don’t forget to do a $webapp.migrateusers() to finish it off

    Reply
    • anilmukka says:
      April 24, 2013 at 8:33 pm

      Hi

      We have webapplication with classic authentication we changed it using above powershell to claims and also $webapp.migrateusers() to finish it off but it didnt respond/any message after so much time so i simply closed the powershell snapin and after trying to access the site am getting “Access Denied” message for all the accounts even for setup/admin also.

      Reply
      • Mark Rhodes says:
        April 25, 2013 at 10:33 am

        You can view which users have been migrated to Claims with the get-spuser cmdlet. My guess is MigrateUsers needs to be rerun. I have seen that in a handful of situations, keep rerunning it and checking with get-spuser until all your users are migrated.

  3. Pingback: 2010 in review « Mark Rhodes

  4. Ben says:
    April 8, 2011 at 2:48 am

    Nice! I also had to remove the “membership” and “roleManager” nodes from the web.config (make sure you backup before changing):

    Reply
  5. Xopher says:
    July 15, 2011 at 4:16 am

    This didn’t work for me. I had to delete and recreate the web app and then reattached the content dbs.

    Reply
  6. Manas says:
    September 10, 2012 at 7:40 pm

    After changing the Authentication mode you need to reset IIS. Then Reset the SuperUser and SuperReader accounts by following Technet article http://technet.microsoft.com/en-us/library/ff758656.aspx

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: