SPWebAppAuthentication

Yorick Kuijs edited this page Jul 10, 2020 · 15 revisions

Parameters

| Parameter | Attribute | DataType | Description | Allowed Values |
| --- | --- | --- | --- | --- |
| WebAppUrl | Key | String | The URL of the web application | |
| Default | Write | MSFT_SPWebAppAuthenticationMode[] | Specifies the authentication for the Default zone. | |
| Intranet | Write | MSFT_SPWebAppAuthenticationMode[] | Specifies the authentication for the Intranet zone. | |
| Internet | Write | MSFT_SPWebAppAuthenticationMode[] | Specifies the authentication for the Internet zone. | |
| Extranet | Write | MSFT_SPWebAppAuthenticationMode[] | Specifies the authentication for the Extranet zone. | |
| Custom | Write | MSFT_SPWebAppAuthenticationMode[] | Specifies the authentication for the Custom zone. | |
| InstallAccount | Write | PSCredential | POWERSHELL 4 ONLY: The account to run this resource as, use PsDscRunAsCredential if using PowerShell 5 | |

MSFT_SPWebAppAuthenticationMode

Parameters

| Parameter | Attribute | DataType | Description | Allowed Values |
| --- | --- | --- | --- | --- |
| AuthenticationMethod | Required | String | Specifies the used authentication method | Classic, WindowsAuthentication, FBA, Federated |
| WindowsAuthMethod | Write | String | Method of Windows authentication (NTLM or Kerberos, only for Windows Authentication) | NTLM, Kerberos |
| UseBasicAuth | Write | Boolean | Use Basic Authentication (only for Windows Authentication) | |
| AuthenticationProvider | Write | String | Name of the TrustedIdentityTokenIssuer (only for Federated) | |
| MembershipProvider | Write | String | Name of Membership Provider (only for FBA) | |
| RoleProvider | Write | String | Name of the Role Manager (only for FBA) | |

Description

Type: Distributed
Requires CredSSP: No

This resource is responsible for configuring the authentication on a web application within the local SharePoint farm. The resource is able to configure the five available zones (if they exist) separately and each zone can have multiple authentication methods configured.

NOTE: This resource cannot be used to convert a Classic web application to Claims mode. You have to run Convert-SPWebApplication manually for that.

For Classic web applications, you have to use AuthenticationMethod="Classic".

NOTE 2: Updating the configuration can take a long time, up to five minutes. The Set-SPWebApplication cmdlet sometimes requires several minutes to complete its action. This is not a SharePointDsc issue.
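
The "only for" notes in the MSFT_SPWebAppAuthenticationMode parameter table can be checked before a configuration is compiled. The following is an added example, not SharePointDsc code: Test-SPAuthModeSet is a hypothetical helper that takes the zone settings as plain hashtables and returns one finding per problem. Requiring AuthenticationProvider for Federated and flagging UseBasicAuth on a non-HTTPS WebAppUrl are assumptions of this check, not rules stated by the resource.

```powershell
# Added example: Test-SPAuthModeSet is a hypothetical helper, not part of SharePointDsc.
function Test-SPAuthModeSet
{
    param ([Parameter(Mandatory = $true)] [string]    $WebAppUrl,
           [Parameter(Mandatory = $true)] [hashtable] $Zones)

    # Optional properties the parameter table allows for each AuthenticationMethod.
    $allowed = @{
        Classic               = @()
        WindowsAuthentication = @('WindowsAuthMethod', 'UseBasicAuth')
        FBA                   = @('MembershipProvider', 'RoleProvider')
        Federated             = @('AuthenticationProvider')
    }
    foreach ($zone in $Zones.Keys)
    {
        foreach ($mode in $Zones[$zone])
        {
            $method = [string]$mode.AuthenticationMethod
            if (-not $allowed.ContainsKey($method))
            {
                "${zone}: unknown AuthenticationMethod '$method'"
                continue
            }
            foreach ($key in $mode.Keys)
            {
                if ($key -ne 'AuthenticationMethod' -and $allowed[$method] -notcontains $key)
                {
                    "${zone}: $key is not valid for $method"
                }
            }
            # Assumption of this check: a Federated mode must name its token issuer.
            if ($method -eq 'Federated' -and -not $mode.AuthenticationProvider)
            { "${zone}: Federated requires AuthenticationProvider" }
            # Basic authentication sends credentials base64-encoded, not encrypted.
            # Simplification: WebAppUrl is used for every zone; zone URLs may differ.
            if ($mode.UseBasicAuth -eq $true -and $WebAppUrl -notmatch '^https://')
            { "${zone}: UseBasicAuth on non-HTTPS URL $WebAppUrl" }
        }
    }
}

# Constructed sample input: Basic auth over HTTP, and a Federated mode with FBA settings.
$sample = @{
    Default  = @(@{ AuthenticationMethod = 'WindowsAuthentication'; WindowsAuthMethod = 'NTLM'; UseBasicAuth = $true })
    Internet = @(@{ AuthenticationMethod = 'Federated'; RoleProvider = 'RoleProvider' })
}
Test-SPAuthModeSet -WebAppUrl 'http://sharepoint.contoso.com' -Zones $sample
```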

Examples

Example 1

This example shows how to configure the authentication of a web application in the local farm using NTLM Windows Authentication on the Default zone and forms-based authentication (FBA) on the Extranet zone.

Configuration Example
{
    param
    (
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $SetupAccount
    )

    Import-DscResource -ModuleName SharePointDsc

    node localhost {

        SPWebAppAuthentication ContosoAuthentication
        {
            WebAppUrl            = "http://sharepoint.contoso.com"
            Default              = @(
                MSFT_SPWebAppAuthenticationMode {
                    AuthenticationMethod = "WindowsAuthentication"
                    WindowsAuthMethod    = "NTLM"
                }
            )
            Extranet             = @(
                MSFT_SPWebAppAuthenticationMode {
                    AuthenticationMethod = "FBA"
                    MembershipProvider   = "MemberPRovider"
                    RoleProvider         = "RoleProvider"
                }
            )
            PsDscRunAsCredential = $SetupAccount
        }
    }
}

Example 2

This example shows how to configure the authentication of a web application in the local farm using Kerberos Windows Authentication on the Default zone and forms-based authentication (FBA) on the Extranet zone.

Configuration Example
{
    param
    (
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $SetupAccount
    )

    Import-DscResource -ModuleName SharePointDsc

    node localhost {

        SPWebAppAuthentication ContosoAuthentication
        {
            WebAppUrl            = "http://sharepoint.contoso.com"
            Default              = @(
                MSFT_SPWebAppAuthenticationMode {
                    AuthenticationMethod = "WindowsAuthentication"
                    WindowsAuthMethod    = "Kerberos"
                }
            )
            Extranet             = @(
                MSFT_SPWebAppAuthenticationMode {
                    AuthenticationMethod = "FBA"
                    MembershipProvider   = "MemberPRovider"
                    RoleProvider         = "RoleProvider"
                }
            )
            PsDscRunAsCredential = $SetupAccount
        }
    }
}

Example 3

This example shows how to configure the authentication of a web application in the local farm using a custom claim provider. An SPTrustedIdentityTokenIssuer named Contoso is created first. The SPWebAppAuthentication resource then references it as the AuthenticationProvider for the Internet zone, with AuthenticationMethod set to "Federated". The Default zone keeps NTLM Windows Authentication.

Configuration Example
{
    param
    (
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $SetupAccount
    )

    Import-DscResource -ModuleName SharePointDsc

    node localhost {
        SPTrustedIdentityTokenIssuer SampleSPTrust
        {
            Name                         = "Contoso"
            Description                  = "Contoso"
            Realm                        = "https://sharepoint.contoso.com"
            SignInUrl                    = "https://adfs.contoso.com/adfs/ls/"
            IdentifierClaim              = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
            ClaimsMappings               = @(
                MSFT_SPClaimTypeMapping {
                    Name              = "Email"
                    IncomingClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
                }
                MSFT_SPClaimTypeMapping {
                    Name              = "Role"
                    IncomingClaimType = "http://schemas.xmlsoap.org/ExternalSTSGroupType"
                    LocalClaimType    = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
                }
            )
            SigningCertificateThumbPrint = "F3229E7CCA1DA812E29284B0ED75A9A019A83B08"
            ClaimProviderName            = "LDAPCP"
            ProviderSignOutUri           = "https://adfs.contoso.com/adfs/ls/"
            Ensure                       = "Present"
            PsDscRunAsCredential         = $SetupAccount
        }

        SPWebAppAuthentication ContosoAuthentication
        {
            WebAppUrl            = "http://sharepoint.contoso.com"
            Default              = @(
                MSFT_SPWebAppAuthenticationMode {
                    AuthenticationMethod = "WindowsAuthentication"
                    WindowsAuthMethod    = "NTLM"
                }
            )
            Internet             = @(
                MSFT_SPWebAppAuthenticationMode {
                    AuthenticationMethod   = "Federated"
                    AuthenticationProvider = "Contoso"
                }
            )
            PsDscRunAsCredential = $SetupAccount
            DependsOn            = "[SPTrustedIdentityTokenIssuer]SampleSPTrust"
        }
    }
}

Example 4

This example shows how to configure the authentication of a web application in the local farm using Classic authentication.

Configuration Example
{
    param
    (
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $SetupAccount
    )

    Import-DscResource -ModuleName SharePointDsc

    node localhost
    {
        SPWebAppAuthentication ContosoAuthentication
        {
            WebAppUrl            = "http://sharepoint.contoso.com"
            Default              = @(
                MSFT_SPWebAppAuthenticationMode {
                    AuthenticationMethod = "Classic"
                }
            )
            PsDscRunAsCredential = $SetupAccount
        }
    }
}

Example 5

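This example shows how to configure the authentication of a web application in the local farm using NTLM Windows authentication with Basic authentication. Basic authentication sends credentials base64-encoded rather than encrypted, so a zone that enables it should be served over HTTPS.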

Configuration Example
{
    param
    (
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $SetupAccount
    )

    Import-DscResource -ModuleName SharePointDsc

    node localhost {

        SPWebAppAuthentication ContosoAuthentication
        {
            WebAppUrl            = "http://sharepoint.contoso.com"
            Default              = @(
                MSFT_SPWebAppAuthenticationMode {
                    AuthenticationMethod = "WindowsAuthentication"
                    WindowsAuthMethod    = "NTLM"
                    UseBasicAuth         = $true
                }
            )
            PsDscRunAsCredential = $SetupAccount
        }
    }
}