SharePoint 2013: Create and migrate a web application (and news on authentication)
This article will explains how to create and migrate a web application (via central administration and PowerShell), and also give some news on authentication.
Create a web application via central administration
In SharePoint 2010, when you create a web application via the central administration, you have the choice between the "Classic" or "Claims" mode :
http://spasipe.files.wordpress.com/2012/08/2210.png?w=595
This choice doesn't exist anymore in SharePoint 2013, because the default authentication provider is now Claims; the "Classic" mode is still supported but is obsolete.
When you create a web application via the central administration, it is configured with the "Claims" mode,
http://spasipe.files.wordpress.com/2012/08/234.png?w=893
Create a web application via PowerShell
The creation of a web application works as in SharePoint 2010, with the cmdlet New-SPWebApplication 
.
As explained in the previous chapter, the default provider is now "Claims"; the message displayed when you create a web application contains interesting informations :
- The "Classic" authentication mode is now obsolete,
- It is recommended to use the "Claims" provider,
- The cmdlet New-SPWebApplication should be modified to make the "Claims" provider the default provider.
Note : concerning the last point, and compared to the different versions of SharePoint 2013:
- 15.0.4128.1014 (Preview) : The cmdlet create web applications which doesn't use Claims by default,
- 15.0.4420.1017 (RTM) : No changes,
- 15.0.4481.1005 (CU 03.0213) : No changes.
Create a web application with classic parameters :
http://spasipe.files.wordpress.com/2012/08/245.png?w=893
We can see here that this web application use the "Classic" mode (the "UseClaimsAuthentication" parameter is set to "False").
http://spasipe.files.wordpress.com/2012/08/253.png?w=893
Create a web application in Claims mode
Concerning the New-SPWebApplication cmdlet, a parameter named "AuthenticationProvider" exists, its description : "Specifies the authentication provider or providers that apply to a Web application".
The creation will also follow these steps:
- Create an authentification provider via the New-SPAuthenticationProvider cmdlet,
- Create a web application by specifying this provider.
The corresponding PowerShell script:
$claimsProvider = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication -DisableKerberos
New-SPWebApplication -Name "Web App ClaimsT" -ApplicationPool "Sharepoint – 80" -Port "80" -DatabaseName "SP15_Content_ClaimsT" -HostHeader "WAClaimsT.spasipe.local" -AuthenticationMethod -NTLM -AuthenticationProvider $claimsProvider
http://spasipe.files.wordpress.com/2012/08/264.png?w=900&h=353
This time, we can see that the web application uses Claims:
http://spasipe.files.wordpress.com/2012/08/274.png?w=893
Migrate a web application
Given what we saw previously, we should at one point or another migrate these web applications, from the "Classic" to the "Claims" mode.
The MigrateUsers method that was used in SharePoint 2010 is now obsolete and you have now to use the new Convert-SPWebApplication cmdlet.
The following example will migrate the web application created previously to the Claims mode.
http://spasipe.files.wordpress.com/2012/08/285.png?w=893
If we take a look in SQL Server on the "UserInfo" table.
Before:
http://spasipe.files.wordpress.com/2012/08/294.png?w=595
After: the user logins have been encoded.
http://spasipe.files.wordpress.com/2012/08/309.png?w=595
For information, concerning the new login "SPASIPE\administrator" that became "i:0#.w\SPASIPE\administrator", we can identify some parts:
- i : identity claim
- # : user logon name
- . : type "string"
- w : délivré par Windows
Look at this very good article if you want to have more information about claims encoding.
Other languages
This article is also available in the following languages: