Claims-based authentication is the default and preferred method of user authentication, and is required to take advantage of server-to-server authentication and app authentication in SharePoint 2013. Claims-based SharePoint 2013 Web applications can be created both through the Central Administration page as well as through the use of Windows PowerShell cmdlets. In this article, we will walk through the process of creating a new claims-based SharePoint 2013 Web application using Windows PowerShell.
To create a claims-based Web application using Windows PowerShell, follow these steps:
1. Verify that you have the following memberships:
- securityadmin – Fixed server role on the SQL Server instance:
- db_owner – Fixed database role on all databases that are going to be updated:
- Administrator privileges on the server on which you are running the Windows PowerShell cmdlets:
2. Start the SharePoint 2013 Management Shell
- For Windows Server 2008 R2:
On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell:
- For Windows Server 2012:
- On the Start screen, click SharePoint 2013 Management Shell (If SharePoint 2013 Management Shell is not on the Start screen, right-click Computer, click All apps, and then click SharePoint 2013 Management Shell):
3. To create a claims-based authentication provider, from the Windows PowerShell command prompt, type the following:
$ap = New-SPAuthenticationProvider
4. To create a claims-based Web application, from the Windows PowerShell command prompt, type the following:
New-SPWebApplication -Name <Name>
-ApplicationPool <ApplicationPool>
-ApplicationPoolAccount <ApplicationPoolAccount>
-URL <URL> -Port <Port> -AuthenticationProvider $ap
Where:
<Name>: The name of the new Web application that uses claims-based authentication.
<ApplicationPool>: The name of the application pool.
<ApplicationPoolAccount>: The user account that this application pool will run as.
<URL>: The public URL for this Web application.
<Port>: The port on which the Web application will be created in IIS.
For example:
New-SPWebApplication -Name “Claims Based Site” -ApplicationPool “SharePoint 99” -ApplicationPoolAccount “bamboovnspinstaller” -Port 99 -URL “https://chauo15sql” -AuthenticationProvider $ap -SecureSocketsLayer
A new claims-based SharePoint 2013 Web application will be shown on the Central Administration page:
After you have successfully created the Web application, you must create the site collection in which you will use the Web application:
You now have a Web application that uses claims-based authentication default:
