Enabling or Disabling Claims Based Authentication

If you have already provisioned a Web Application then it may not be immediately obvious how to change the authentication over to Claims (or revert back to Classic) as this cannot be done within the GUI and can only be done within PowerShell.

Note : To do this you will need to load PowerShell and the SharePoint 2010 snap-in.

To Enable Claims :

$webApp = Get-SPWebApplication "http://webapplicationurl"
$webApp.UseClaimsAuthentication = 1;

And to revert back to Classic mode authentication just change the 1 to a 0 :

$webApp = Get-SPWebApplication "http://webapplicationurl"
$webApp.UseClaimsAuthentication = 0;

Fairly easy, but not immediately obvious 🙂


8 Responses to Enabling or Disabling Claims Based Authentication

  1. sergio says:


    I just enabled the claims auth. and then revert to classic auth. and now when i try to change the user logged in (sign in with a different user) it gives an “Unexpected error”……

    Can you help me please?

  2. marijnsomers says:

    You can also use True or False instead of 0 or 1.

    Don’t forget to do a $webapp.migrateusers() to finish it off

    • anilmukka says:


      We have webapplication with classic authentication we changed it using above powershell to claims and also $webapp.migrateusers() to finish it off but it didnt respond/any message after so much time so i simply closed the powershell snapin and after trying to access the site am getting “Access Denied” message for all the accounts even for setup/admin also.

      • Mark Rhodes says:

        You can view which users have been migrated to Claims with the get-spuser cmdlet. My guess is MigrateUsers needs to be rerun. I have seen that in a handful of situations, keep rerunning it and checking with get-spuser until all your users are migrated.

  3. Pingback: 2010 in review « Mark Rhodes

  4. Ben says:

    Nice! I also had to remove the “membership” and “roleManager” nodes from the web.config (make sure you backup before changing):

  5. Xopher says:

    This didn’t work for me. I had to delete and recreate the web app and then reattached the content dbs.

  6. Manas says:

    After changing the Authentication mode you need to reset IIS. Then Reset the SuperUser and SuperReader accounts by following Technet article http://technet.microsoft.com/en-us/library/ff758656.aspx

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: