Convert a classic based authentication SharePoint 2010 web application into a claims based web application that will use forms based authentication

This blog post attempts to bridge the gap between creating a claims based authentication web application versus converting a classic web application to claims, essentially step 1 of this blog:

New-SPAuthenticationProvider –

Here’s how you create a new web application that uses claims based authentication, using powershell (step one of the first link in this blog).   Notice how $ap variable, below,  substantiates the new authentication provider and provides the membership provider and role provider names?

$ap = New-SPAuthenticationProvider -ASPNETMembershipProvider "membership" -ASPNETRoleProviderName "rolemanager"

Set-SPWebApplication -Name "Claims Windows Web App" -ApplicationPool "Claims App Pool" -ApplicationPoolAccount "redmond\appool" -Url http://<servername> -Port 80 -AuthenticationProvider $ap



Then notice how the set spweb application actually creates the new web app using that variable $ap

The user running these commands should be a member of the SharePoint_Shell_Access role on the config DB, and a member of the WSS_ADMIN_WPG local group on all front end servers.

Finally, When you provision\create a web application in SharePoint 2010 you get the option to enable Claims based authentication. However, after the provisioning there’s no option in the GUI to turn it on if you wanted to switch from classic to claims.. PowerShell to the rescue once, again with the option to change from classic to claims based authentication using the lines below.

$App = get-spwebapplication “http://sp1:8000”
$app.useclaimsauthentication = “True”


then set the membership and role providers

see this blog for the rest of the steps, and remember that this is a one way street and you cant go back to classic