Monday, October 21, 2013

How to Change SharePoint authentication from classic mode to claims based

Recently, I was in a situation to enable form authentication for our satellite farms. A SharePoint web application that was configured Mistakenly by using classic mode authentication. So the solution for me is to change the authentication mode to claims based.
Note: Be noted that once you migrated the authentication provider to claims based, you cannot revert it back.
From the central administration, I checked the authentication provider and it is showing my current authentication provider as windows. Now I am going to change my authentication provider, to do this, you need to use windows power shell.
From the start menu, go to
All Programs -> SharePoint 2010 products -> SharePoint 2010 Management Shell

The power shell window is opened as follows.
Execute the following commands In order.
$WebAppName = http://aniish.com (Application name that you want to change the authentication)
$account = "Cosima\Administrator" (Account configured for Web APP)
$wa = get-SPWebApplication $WebAppName
Set-SPwebApplication $wa –AuthenticationProvider (New-SPAuthenticationProvider) –Zone Default
When you execute this command, a confirmation message will appear on the screen as follows.
Type Y for confirmation
After the command executed successfully, check the authentication provider from the central Administration, it will show “claims based authentication”
Now execute the following commands.
  • set the user as an administrator for the site
$wa = get-SPWebApplication $WebAppName
$account = (New-SPClaimsPrincipal -identity $account -identitytype 1).ToEncodedString()
  • configure the policy to enable the user to have full access
$zp = $wa.ZonePolicies("Default")
$p = $zp.Add($account,"PSPolicy")
$fc=$wa.PolicyRoles.GetSpecialRole("FullControl")
$p.PolicyRoleBindings.Add($fc)
$wa.Update()
  • perform user migration
$wa = get-SPWebApplication $WebAppName
$wa.MigrateUsers($true)


If All the above Commands Executed, Authentication will be change successfully.



Please Comment if you need Any Help. Your Feed back is always Welcome. I Am Happy to Help !!!!!


Call Stack And Custom Errors Mode Changes to get the Exact Error in SharePoint

Call Stack And Custom Errors Mode Changes to get the Exact Error in SharePoint

Please look the below Changes and apply to get the Details of Error In SharePoint Site while accessing:

The below modifications need to done on WEB.Config file of the Specific Site.
Path : C:\inetpub\wwwroot\wss\VirtualDirectories\Site Specified.

Note: Take Backup Of WEB.CONFIG before doing changes.

Step Need to Change1:

SafeMode MaxControls="200" CallStack="false"
DirectFileDependencies="10" TotalFileDependencies="50"
        AllowPageLevelTrace="false">
           to
 <SafeMode MaxControls="200" CallStack="true"
DirectFileDependencies="10" TotalFileDependencies="50" 
   AllowPageLevelTrace="false">
  
Step Need to Change2:

            <customErrors mode="On" /> 
                         to
             <customErrors mode="Off" />

Do IIS reset if necessary and access the Site, You see the Error Details!!




Please Comment if you need Any Help. Your Feed back is always Welcome. I Am Happy to Help !!!!!

SharePoint site is prompting credentials Constantly or Disable the Loop back check

SharePoint site is prompting credentials Constantly or Disable the Loop back check

I was working on a server and we were trying to access the local SharePoint site http://127.0.0.1 or http://nameoflocalserver/pages/default.aspx and I was constantly prompted for the username and password. In SharePoint 2010, it can really annoy you by not accepting your username password credentials in the popup window.

·         It’s a ‘feature’ on the server that you need to disable as a workaround :
·         Note: Microsoft Best practices is out of scope in this article.

There are two methods to do this:

1.    Specify the host names in the registry -: BackConnectionHostNames (more secure and recommended for PRODUCTION servers). 

                  Refer http://support.microsoft.com/kb/896861

2.    Disable the loopback check - DisableLoopbackCheck (less secure and recommended for DEVELOPMENT environments). Read on to use this method 2 and add via an easy power shell cmd.

You would need to create a DWORD registry key in the registry Called DisableLoopbackCheck and set it to 1.

Follow the below steps to Disable Loopback check:

1.    Click Start, click Run, type regedit, and then click OK
2.    In Registry Editor, locate the following registry key:
3.    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
4.    Right-click Lsa, point to New, and then click DWORD Value. (In Win 2008, its DWORD 32bit)
5.    Type DisableLoopbackCheck, and then press ENTER.
6.    Right-click DisableLoopbackCheck, and then click Modify.
7.    In the Value data box, type 1 and then click OK.
8.    Quit Registry Editor.

Note: You may need to restart your server.

Please Comment if you need Any Help. Your Feed back is always Welcome. I Am Happy to Help !!!!!


ShareThis

X