Extending Web Application using Claims Based Authentication

Posted: 17th November 2010 by Seth Killey in SharePoint

Without a doubt, the biggest challenge I had with the upgrade to SharePoint 2010 was getting our extranet up and running using claims-based authentication. In SharePoint 2007 you could extend a web application and use forms-based authentication for an extranet using Windows classic authentication (which worked beautifully with little headache). In SharePoint 2010, you need to convert your web application to claims-based authentication in order to achieve forms-based authentication. If this sounds confusing, you're not alone. First up is migrating to claims-based authentication. I followed this TechNet article: http://technet.microsoft.com/en-us/library/gg144572.aspx. Upon running this code, my web application could not authenticate any users! Not only the extranet, but the intranet version as well. I can't recall exactly what fixed the issue, but I had to remove and re-add user groups to the User Policy for my web application.

Once that was complete, I could extend my web application to use claims-based authentication. I followed this article, http://technet.microsoft.com/en-us/library/ee806890.aspx, which seems to be perfectly accurate now, but when I used this article they mistakenly had you insert code inside the <system.webServer> element rather than <system.web> for the SecurityTokenServiceApplication. This had the awesome effect of rendering all authentication useless on my web application. This epic adventure is detailed here: http://social.technet.microsoft.com/Forums/en-US/sharepoint2010setup/thread/ed6b53e2-f265-4e10-8560-2dc734499f83/#d720c5bf-0268-4a62-9d14-2bcdf774cbc8
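
A check for the misplacement described above, as an added example (not code from this post or from the TechNet article). It assumes the inserted code is the ASP.NET `<membership>` and `<roleManager>` provider sections, which ASP.NET reads from `<system.web>`; the function name, provider names and sample XML are constructed for illustration.

```powershell
# Added example: report where the forms-authentication provider sections sit in a web.config.
# Written with PowerShell 2.0 syntax so it also runs in the SharePoint 2010 Management Shell.
function Test-ProviderPlacement {
    param([Parameter(Mandatory = $true)][xml]$Config)

    # Sections ASP.NET reads from <system.web> (assumed to be what was inserted)
    foreach ($name in 'membership', 'roleManager') {
        # Find the section wherever it was pasted, not only where it belongs
        $nodes = @($Config.SelectNodes("//$name"))

        if ($nodes.Count -eq 0) {
            # Absent section: the providers were never added to this file
            New-Object PSObject -Property @{ Section = $name; Parent = '(not present)'; Ok = $false }
        }
        foreach ($node in $nodes) {
            $parent = $node.ParentNode.Name
            New-Object PSObject -Property @{
                Section = $name
                Parent  = $parent
                Ok      = ($parent -eq 'system.web')
            }
        }
    }
}

# Constructed sample reproducing the mistake: both sections under <system.webServer>
$misplaced = [xml]@'
<configuration>
  <system.web />
  <system.webServer>
    <membership>
      <providers><add name="ExampleMembership" type="Example.Placeholder" /></providers>
    </membership>
    <roleManager enabled="true">
      <providers><add name="ExampleRoles" type="Example.Placeholder" /></providers>
    </roleManager>
  </system.webServer>
</configuration>
'@

Test-ProviderPlacement -Config $misplaced | Format-Table Section, Parent, Ok -AutoSize

# Against a real file, run it on a copy before editing (placeholder path):
# Test-ProviderPlacement -Config ([xml](Get-Content 'C:\path\to\copy-of\web.config'))
```

Any row with `Ok` false means the section would not be read where it was placed, so review it before saving the change to the live web.config.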