SPWebAppAuthentication

dscbot edited this page Mar 17, 2023 · 14 revisions

Parameters

| Parameter | Attribute | DataType | Description | Allowed Values |
| --- | --- | --- | --- | --- |
| WebAppUrl | Key | String | The URL of the web application | |
| Default | Write | MSFT_SPWebAppAuthenticationMode[] | Specifies the authentication for the Default zone. | |
| Intranet | Write | MSFT_SPWebAppAuthenticationMode[] | Specifies the authentication for the Intranet zone. | |
| Internet | Write | MSFT_SPWebAppAuthenticationMode[] | Specifies the authentication for the Internet zone. | |
| Extranet | Write | MSFT_SPWebAppAuthenticationMode[] | Specifies the authentication for the Extranet zone. | |
| Custom | Write | MSFT_SPWebAppAuthenticationMode[] | Specifies the authentication for the Custom zone. | |
| DefaultSettings | Write | MSFT_SPWebAppZoneSettings | Specifies the zone settings for the Default zone. | |
| IntranetSettings | Write | MSFT_SPWebAppZoneSettings | Specifies the zone settings for the Intranet zone. | |
| InternetSettings | Write | MSFT_SPWebAppZoneSettings | Specifies the zone settings for the Internet zone. | |
| ExtranetSettings | Write | MSFT_SPWebAppZoneSettings | Specifies the zone settings for the Extranet zone. | |
| CustomSettings | Write | MSFT_SPWebAppZoneSettings | Specifies the zone settings for the Custom zone. | |

MSFT_SPWebAppAuthenticationMode

Parameters

| Parameter | Attribute | DataType | Description | Allowed Values |
| --- | --- | --- | --- | --- |
| AuthenticationMethod | Required | String | Specifies the used authentication method | Classic, WindowsAuthentication, FBA, Federated |
| WindowsAuthMethod | Write | String | Method of Windows authentication (NTLM or Kerberos, only for Windows Authentication) | NTLM, Kerberos |
| UseBasicAuth | Write | Boolean | Use Basic Authentication (only for Windows Authentication) | |
| AuthenticationProvider | Write | String | Name of the TrustedIdentityTokenIssuer (only for Federated) | |
| MembershipProvider | Write | String | Name of Membership Provider (only for FBA) | |
| RoleProvider | Write | String | Name of the Role Manager (only for FBA) | |

MSFT_SPWebAppZoneSettings

Parameters

| Parameter | Attribute | DataType | Description | Allowed Values |
| --- | --- | --- | --- | --- |
| AnonymousAuthentication | Write | Boolean | Use Anonymous Authentication for the zone | |
| CustomSignInPage | Write | String | Specifies the URL to the custom signin page for the zone | |
| EnableClientIntegration | Write | Boolean | Enable the Client Integration features for the zone | |
| RequireUseRemoteInterfaces | Write | Boolean | Enable the Require Use Remote Interfaces for the zone | |

Description

Type: Distributed

Requires CredSSP: No

This resource is responsible for configuring the authentication and authentication settings on a web application within the local SharePoint farm. The resource is able to configure the five available zones (if they exist) separately and each zone can have multiple authentication methods configured.

NOTE: This resource cannot be used to convert a Classic web application to Claims mode. You have to run Convert-SPWebApplication manually for that.

For Classic web applications, you have to use AuthenticationMethod="Classic".

NOTE 2: Updating the configuration can take a long time, up to five minutes. The Set-SPWebApplication cmdlet sometimes requires several minutes to complete its action. This is not a SharePointDsc issue.
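
The "only for" notes in the MSFT_SPWebAppAuthenticationMode table can be checked before a configuration is compiled. The following is an added example, not part of SharePointDsc: Test-SPWebAppAuthPlan and its finding messages are hypothetical, and the plan is plain hashtables keyed like the parameters above. It also flags Basic authentication on a non-HTTPS URL and anonymous access on a zone.

```powershell
# Added example, not SharePointDsc code. Test-SPWebAppAuthPlan is a hypothetical
# helper; its hashtable keys mirror the parameter tables on this page.
function Test-SPWebAppAuthPlan {
    param ([string] $WebAppUrl, [hashtable] $Zones, [hashtable] $ZoneSettings = @{})

    # Optional parameters each AuthenticationMethod accepts (the "only for" notes)
    $allowed = @{
        Classic               = @()
        WindowsAuthentication = @('WindowsAuthMethod', 'UseBasicAuth')
        FBA                   = @('MembershipProvider', 'RoleProvider')
        Federated             = @('AuthenticationProvider')
    }
    $findings = @()
    foreach ($zone in $Zones.Keys) {
        foreach ($mode in @($Zones[$zone])) {
            $method = [string] $mode['AuthenticationMethod']
            if (-not $allowed.ContainsKey($method)) {
                $findings += "${zone}: AuthenticationMethod '$method' is not an allowed value"
                continue
            }
            foreach ($key in $mode.Keys) {
                if ($key -ne 'AuthenticationMethod' -and $allowed[$method] -notcontains $key) {
                    $findings += "${zone}: $key does not apply to $method"
                }
            }
            # Basic authentication only base64-encodes the password, so it needs TLS
            if ($mode['UseBasicAuth'] -eq $true -and $WebAppUrl -notlike 'https://*') {
                $findings += "${zone}: UseBasicAuth on a non-HTTPS URL exposes passwords in transit"
            }
        }
    }
    foreach ($zone in $ZoneSettings.Keys) {
        if ($ZoneSettings[$zone]['AnonymousAuthentication'] -eq $true) {
            $findings += "${zone}: anonymous access is enabled"
        }
    }
    $findings
}

# Constructed input: Example 5's Default zone, plus an FBA entry carrying a Windows-only key
$zones = @{
    Default  = @(@{ AuthenticationMethod = 'WindowsAuthentication'; WindowsAuthMethod = 'NTLM'; UseBasicAuth = $true })
    Extranet = @(@{ AuthenticationMethod = 'FBA'; MembershipProvider = 'MemberProvider'; WindowsAuthMethod = 'Kerberos' })
}
Test-SPWebAppAuthPlan -WebAppUrl 'http://sharepoint.contoso.com' -Zones $zones `
    -ZoneSettings @{ Default = @{ AnonymousAuthentication = $true } }
```

The function needs no SharePoint cmdlets, so it can run in a build pipeline against the same data used to generate the DSC configuration.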

Examples

Example 1

This example shows how to configure the authentication of a web application in the local farm using NTLM Windows Authentication.

Configuration Example
{
    param
    (
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $SetupAccount
    )

    Import-DscResource -ModuleName SharePointDsc

    node localhost
    {
        SPWebAppAuthentication ContosoAuthentication
        {
            WebAppUrl            = "http://sharepoint.contoso.com"
            Default              = @(
                MSFT_SPWebAppAuthenticationMode {
                    AuthenticationMethod = "WindowsAuthentication"
                    WindowsAuthMethod    = "NTLM"
                }
            )
            Extranet             = @(
                MSFT_SPWebAppAuthenticationMode {
                    AuthenticationMethod = "FBA"
                    MembershipProvider   = "MemberPRovider"
                    RoleProvider         = "RoleProvider"
                }
            )
            PsDscRunAsCredential = $SetupAccount
        }
    }
}

Example 2

This example shows how to configure the authentication of a web application in the local farm using Kerberos Windows Authentication.

Configuration Example
{
    param
    (
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $SetupAccount
    )

    Import-DscResource -ModuleName SharePointDsc

    node localhost
    {
        SPWebAppAuthentication ContosoAuthentication
        {
            WebAppUrl            = "http://sharepoint.contoso.com"
            Default              = @(
                MSFT_SPWebAppAuthenticationMode {
                    AuthenticationMethod = "WindowsAuthentication"
                    WindowsAuthMethod    = "Kerberos"
                }
            )
            Extranet             = @(
                MSFT_SPWebAppAuthenticationMode {
                    AuthenticationMethod = "FBA"
                    MembershipProvider   = "MemberPRovider"
                    RoleProvider         = "RoleProvider"
                }
            )
            PsDscRunAsCredential = $SetupAccount
        }
    }
}

Example 3

This example shows how to configure the authentication of a web application in the local farm using a custom claim provider. An SPTrustedIdentityTokenIssuer named Contoso is created, and SPWebAppAuthentication then references it as the AuthenticationProvider with AuthenticationMethod set to "Federated".

Configuration Example
{
    param
    (
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $SetupAccount
    )

    Import-DscResource -ModuleName SharePointDsc

    node localhost
    {
        SPTrustedIdentityTokenIssuer SampleSPTrust
        {
            Name                         = "Contoso"
            Description                  = "Contoso"
            Realm                        = "https://sharepoint.contoso.com"
            SignInUrl                    = "https://adfs.contoso.com/adfs/ls/"
            IdentifierClaim              = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
            ClaimsMappings               = @(
                MSFT_SPClaimTypeMapping {
                    Name              = "Email"
                    IncomingClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
                }
                MSFT_SPClaimTypeMapping {
                    Name              = "Role"
                    IncomingClaimType = "http://schemas.xmlsoap.org/ExternalSTSGroupType"
                    LocalClaimType    = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
                }
            )
            SigningCertificateThumbPrint = "F3229E7CCA1DA812E29284B0ED75A9A019A83B08"
            ClaimProviderName            = "LDAPCP"
            ProviderSignOutUri           = "https://adfs.contoso.com/adfs/ls/"
            Ensure                       = "Present"
            PsDscRunAsCredential         = $SetupAccount
        }

        SPWebAppAuthentication ContosoAuthentication
        {
            WebAppUrl            = "http://sharepoint.contoso.com"
            Default              = @(
                MSFT_SPWebAppAuthenticationMode {
                    AuthenticationMethod = "WindowsAuthentication"
                    WindowsAuthMethod    = "NTLM"
                }
            )
            Internet             = @(
                MSFT_SPWebAppAuthenticationMode {
                    AuthenticationMethod   = "Federated"
                    AuthenticationProvider = "Contoso"
                }
            )
            PsDscRunAsCredential = $SetupAccount
            DependsOn            = "[SPTrustedIdentityTokenIssuer]SampleSPTrust"
        }
    }
}

Example 4

This example shows how to configure the authentication of a web application in the local farm using Classic authentication.

Configuration Example
{
    param
    (
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $SetupAccount
    )

    Import-DscResource -ModuleName SharePointDsc

    node localhost
    {
        SPWebAppAuthentication ContosoAuthentication
        {
            WebAppUrl            = "http://sharepoint.contoso.com"
            Default              = @(
                MSFT_SPWebAppAuthenticationMode {
                    AuthenticationMethod = "Classic"
                }
            )
            PsDscRunAsCredential = $SetupAccount
        }
    }
}

Example 5

This example shows how to configure the authentication of a web application in the local farm using NTLM Windows authentication with Basic authentication.

Configuration Example
{
    param
    (
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $SetupAccount
    )

    Import-DscResource -ModuleName SharePointDsc

    node localhost
    {
        SPWebAppAuthentication ContosoAuthentication
        {
            WebAppUrl            = "http://sharepoint.contoso.com"
            Default              = @(
                MSFT_SPWebAppAuthenticationMode {
                    AuthenticationMethod = "WindowsAuthentication"
                    WindowsAuthMethod    = "NTLM"
                    UseBasicAuth         = $true
                }
            )
            PsDscRunAsCredential = $SetupAccount
        }
    }
}

Example 6

This example shows how to configure the authentication settings of a web application in the local farm to allow anonymous authentication.

Configuration Example
{
    param
    (
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $SetupAccount
    )

    Import-DscResource -ModuleName SharePointDsc

    node localhost
    {
        SPWebAppAuthentication ContosoAuthentication
        {
            WebAppUrl            = "http://sharepoint.contoso.com"
            DefaultSettings      = MSFT_SPWebAppZoneSettings {
                AnonymousAuthentication    = $true
                CustomSignInPage           = "/signin"
                EnableClientIntegration    = $false
                RequireUseRemoteInterfaces = $false
            }
            PsDscRunAsCredential = $SetupAccount
        }
    }
}
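
The description states that each zone can have multiple authentication methods, and the parameter table lists the zone settings alongside them, but none of the examples above combine these. The following is an added example, not from the SharePointDsc documentation. It assumes the web application is served over HTTPS and that the trusted issuer "Contoso" from Example 3 already exists in the farm.

```powershell
# Added example, not from the SharePointDsc documentation. Assumes an HTTPS web
# application and an existing SPTrustedIdentityTokenIssuer named "Contoso".
Configuration Example
{
    param
    (
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $SetupAccount
    )

    Import-DscResource -ModuleName SharePointDsc

    node localhost
    {
        SPWebAppAuthentication ContosoAuthentication
        {
            WebAppUrl            = "https://sharepoint.contoso.com"
            # Two methods on one zone: Kerberos for domain users plus federated sign-in
            Default              = @(
                MSFT_SPWebAppAuthenticationMode {
                    AuthenticationMethod = "WindowsAuthentication"
                    WindowsAuthMethod    = "Kerberos"
                }
                MSFT_SPWebAppAuthenticationMode {
                    AuthenticationMethod   = "Federated"
                    AuthenticationProvider = "Contoso"
                }
            )
            # Zone settings declared in the same resource block as the methods
            DefaultSettings      = MSFT_SPWebAppZoneSettings {
                AnonymousAuthentication    = $false
                RequireUseRemoteInterfaces = $true
            }
            PsDscRunAsCredential = $SetupAccount
        }
    }
}
```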