SPWebAppAuthentication

Yorick Kuijs edited this page Dec 27, 2017 · 15 revisions

Parameters

| Parameter | Attribute | DataType | Description | Allowed Values |
| --- | --- | --- | --- | --- |
| WebAppUrl | Key | string | The URL of the web application | |
| Default | Write | string[] | Specifies the authentication for the Default zone. | |
| Intranet | Write | string[] | Specifies the authentication for the Intranet zone. | |
| Internet | Write | string[] | Specifies the authentication for the Internet zone. | |
| Extranet | Write | string[] | Specifies the authentication for the Extranet zone. | |
| Custom | Write | string[] | Specifies the authentication for the Custom zone. | |
| InstallAccount | Write | PSCredential | POWERSHELL 4 ONLY: The account to run this resource as, use PsDscRunAsCredential if using PowerShell 5 | |

Description

This resource is responsible for configuring the authentication on a web application within the local SharePoint farm. The resource is able to configure the five available zones (if they exist) separately and each zone can have multiple authentication methods configured.

NOTE: This resource cannot be used to convert a Classic web application to Claims mode. You have to run Convert-SPWebApplication manually for that.

NOTE 2: Updating the configuration can take a long time, up to five minutes. The Set-SPWebApplication cmdlet sometimes requires several minutes to complete its action. This is not a SharePointDsc issue.

Examples

Example 1

This example shows how to configure the authentication of a web application in the local farm using NTLM for the Default zone and forms-based authentication (FBA), with a membership provider and a role provider, for the Extranet zone.

    Configuration Example
    {
        param(
            [Parameter(Mandatory = $true)]
            [PSCredential]
            $SetupAccount
        )
        Import-DscResource -ModuleName SharePointDsc

        node localhost {

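            SPWebAppAuthentication ContosoAuthentication
            {
                WebAppUrl            = "http://sharepoint.contoso.com"
                # Default zone: Windows authentication using NTLM
                Default              = @(
                    MSFT_SPWebAppAuthenticationMode {
                        AuthenticationMethod = "NTLM"
                    }
                )
                # Extranet zone: forms-based authentication (FBA)
                Extranet             = @(
                    MSFT_SPWebAppAuthenticationMode {
                        AuthenticationMethod = "FBA"
                        MembershipProvider   = "MemberProvider"
                        RoleProvider         = "RoleProvider"
                    }
                )
                # Run the resource as the account passed to the configuration
                PsDscRunAsCredential = $SetupAccount
            }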
        }
    }

Example 2

This example shows how to configure the authentication of a web application in the local farm using a custom claim provider. A SPTrustedIdentityTokenIssuer named Contoso is created, then referenced by SPWebAppAuthentication as the AuthenticationProvider, with the AuthenticationMethod set to "Federated".

    Configuration Example
    {
        param(
            [Parameter(Mandatory = $true)]
            [PSCredential]
            $SetupAccount
        )
        Import-DscResource -ModuleName SharePointDsc

        node localhost {


            SPTrustedIdentityTokenIssuer SampleSPTrust
            {
                Name                         = "Contoso"
                Description                  = "Contoso"
                Realm                        = "https://sharepoint.contoso.com"
                SignInUrl                    = "https://adfs.contoso.com/adfs/ls/"
                IdentifierClaim              = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
                ClaimsMappings               = @(
                    MSFT_SPClaimTypeMapping{
                        Name = "Email"
                        IncomingClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
                    }
                    MSFT_SPClaimTypeMapping{
                        Name = "Role"
                        IncomingClaimType = "http://schemas.xmlsoap.org/ExternalSTSGroupType"
                        LocalClaimType = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
                    }
                )
                SigningCertificateThumbPrint = "F3229E7CCA1DA812E29284B0ED75A9A019A83B08"
                ClaimProviderName            = "LDAPCP"
                ProviderSignOutUri           = "https://adfs.contoso.com/adfs/ls/"
                Ensure                       = "Present"
                PsDscRunAsCredential         = $SetupAccount
            }
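
            SPWebAppAuthentication ContosoAuthentication
            {
                WebAppUrl            = "http://sharepoint.contoso.com"
                # Default zone: Windows authentication using NTLM
                Default              = @(
                    MSFT_SPWebAppAuthenticationMode {
                        AuthenticationMethod = "NTLM"
                    }
                )
                # Internet zone: federated sign-in through the Contoso token issuer
                Internet             = @(
                    MSFT_SPWebAppAuthenticationMode {
                        AuthenticationMethod   = "Federated"
                        AuthenticationProvider = "Contoso"
                    }
                )
                # Run the resource as the account passed to the configuration
                PsDscRunAsCredential = $SetupAccount
                # The token issuer must exist before it can be referenced
                DependsOn            = "[SPTrustedIdentityTokenIssuer]SampleSPTrust"
            }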
        }
    }
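
The Description states that each zone can have multiple authentication methods configured, which neither example above shows. The following configuration is an added illustration, not part of the SharePointDsc documentation: the names MultiMethodExample and ContosoMultiAuth are hypothetical, and it assumes the Contoso SPTrustedIdentityTokenIssuer and the FBA providers from the examples above already exist in the farm.

```powershell
Configuration MultiMethodExample
{
    param(
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $SetupAccount
    )
    Import-DscResource -ModuleName SharePointDsc

    node localhost {

        # Hypothetical resource name; the web application must already be in Claims mode
        SPWebAppAuthentication ContosoMultiAuth
        {
            WebAppUrl            = "http://sharepoint.contoso.com"

            # Two methods on one zone: every entry in the array is one
            # authentication method offered to users of that zone.
            Default              = @(
                MSFT_SPWebAppAuthenticationMode {
                    AuthenticationMethod = "NTLM"
                }
                MSFT_SPWebAppAuthenticationMode {
                    AuthenticationMethod   = "Federated"
                    # Assumed to exist already (created as in Example 2)
                    AuthenticationProvider = "Contoso"
                }
            )

            # A zone that should offer a single method lists only that method,
            # so external users are never offered Windows authentication here.
            Extranet             = @(
                MSFT_SPWebAppAuthenticationMode {
                    AuthenticationMethod = "FBA"
                    MembershipProvider   = "MemberProvider"
                    RoleProvider         = "RoleProvider"
                }
            )

            PsDscRunAsCredential = $SetupAccount
        }
    }
}
```

Zones left out of the resource (Intranet, Internet and Custom here) are not described by this configuration, so review their authentication settings separately.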