none
with powershell it is showing it is windows, with GUI it is windows RRS feed

  • General discussion

  • I have created the web application with power shell and with GUI as well

    in GUI also I used NTLM while creating web application, but it is showing claims authentication provider. why? 


    in power shell I have used below command, as expected it is showing windows. 

    New-SPWebApplication -name contoso -hostheader contoso.shyam.com -URL http://contoso.shyam.com:6788/ -ApplicationPool contososhyam -ApplicationPoolAccount spfarm  -DatabaseName shyamcontoso

    Why it is not showing "windows" though I have used NTLM authentication using GUI. Please help me understand here..


    Wednesday, August 14, 2019 4:47 PM

All replies

  • Hi Sravan,

    In SharePoint Server, claims-based authentication is the default and preferred method of user authentication and is required to take advantage of server-to-server authentication and app authentication. In Central Administration, you can only configure claims-based authentication when you manage web applications. You can also use Microsoft PowerShell cmdlets. The use of classic mode authentication, also known as Windows classic authentication, is discouraged in SharePoint Server and you can only create or configure web applications for classic mode authentication with Microsoft PowerShell cmdlets.

    Windows Authentication is either NTLM or Kerberos. Kerberos is recommended.

    Below article for your reference:

    https://docs.microsoft.com/en-us/sharepoint/security-for-sharepoint-server/create-web-applications-that-use-classic-mode-authentication

    Thanks & Regards,


    sharath aluri

    Wednesday, August 14, 2019 5:04 PM
  • Hi Sharath,

    Thank you for the response.

    can you  describe in little more detail and clarify below questions

    what is server to server authentication?

    what is app authentication?

    windows and claims both are same right? 

    Does it mean in CA we can not configure windows authentication like PowerShell?

    and when windows and claims both are same, why it is not possible? and why it is showing two different names?

    when Windows classic is discouraged why it is showing in SharePoint web application as windows authentication in the authentication provider section?

    when NTLM is windows authentication--> when I created web application though GUI I have selected NTLM, then why it is showing claims provider post creation? 


    • Edited by SravanC Wednesday, August 14, 2019 6:45 PM
    Wednesday, August 14, 2019 6:44 PM
  • server to Server authentication:

    Server-to-server authentication enables servers that are capable of server-to-server authentication to access and request resources from one another on behalf of users. Servers that are capable of server-to-server authentication run SharePoint Server, Exchange Server 2016, Skype for Business Server 2015, Azure Workflow Service, or other software that supports the Microsoft server-to-server protocol. Server-to-server authentication enables a new set of functionality and scenarios that can be achieved through cross-server resource sharing and access. check article for your reference.

    App Authentication:

    App authentication is the validation of an external app for SharePoint's identity and the authorization of both the app and an associated user when the app requests access to a secured SharePoint resource. App authentication occurs when an external component of a SharePoint Store app or an App Catalog app, such as a web server that is located on the intranet or the Internet, attempts to access a secured SharePoint resource. For example, an app for SharePoint that includes a component that runs in Microsoft Azure is an external app. App authentication enables a new set of functionality and scenarios that can be achieved by allowing apps to include data from SharePoint resources in the results that the app processes and displays for users. check article for your reference.

    windows and claims both are same right? 

    you mean windows claims authentication / windows classic mode authentication ?

    if it's windows claims then yes, if it's windows classic then No

    Windows classic mode authentication is no longer supported in SharePoint Server 2016

    Does it mean in CA we can not configure windows authentication like PowerShell?

    No, you can't configure via UI.

    and when windows and claims both are same, why it is not possible? and why it is showing two different names?

    That depends on what type of authentication you are creating.

    when Windows classic is discouraged why it is showing in SharePoint web application as windows authentication in the authentication provider section?

    article for your reference:

    https://docs.microsoft.com/en-us/sharepoint/security-for-sharepoint-server/create-web-applications-that-use-classic-mode-authenticationwhen NTLM is windows authentication--> when I created web application though GUI I have selected NTLM, then why it is showing claims provider post creation?

    Who said NTLM is Windows ? When you create using GUI it creates with default authentication which is claims based.

    Thanks & Regards,


    sharath aluri

    Wednesday, August 14, 2019 7:16 PM
  • With the help of above blog, I have created web application with NTLM and kerbose -->both are showing windows authentication in authentication providers section..(with powershell) 

    so both NTLM and kerobos will come under windows classic authentication?

    and do we have NTLM and kerbores in windows claims as well? 

    and  can we say with powershell what I have created, can we say that web application comes under windows claims authetication category? ( where in authentication it Is showing windows) 

    what is the different between Kerberos and NTLM over here? Why there are 2 types in windows classic  authentication itself? 

    both NTLM and Kerberos deprecated in the 2016, correct? 





    • Edited by SravanC Thursday, August 15, 2019 5:29 AM
    Thursday, August 15, 2019 5:16 AM
  • so both NTLM and kerobos will come under windows classic authentication?

    Yes

    and do we have NTLM and kerbores in windows claims as well? 

    Yes

    and  can we say with powershell what I have created, can we say that web application comes under windows claims authetication category? ( where in authentication it Is showing windows).

    yes, below is the command for windows classic.

    New-SPWebApplication -Name <Name> -ApplicationPool <ApplicationPool> -AuthenticationMethod <WindowsAuthType> -ApplicationPoolAccount <ApplicationPoolAccount> -Port <Port> -URL <URL>

    and the below one is for claims based.

    $ap = New-SPAuthenticationProvider
    New-SPWebApplication -Name <Name> 
    -ApplicationPool <ApplicationPool> 
    -ApplicationPoolAccount <ApplicationPoolAccount> 
    -URL <URL> -Port <Port> -AuthenticationProvider $ap

    what is the different between Kerberos and NTLM over here? Why there are 2 types in windows classic  authentication itself? 

    NTLM & Kerberos is Just a Mechanism of authentication. check this article for more. Windows Classic in used in SharePoint 2010, Windows Claims came in from SP 2013 on wards.

    both NTLM and Kerberos deprecated in the 2016, correct?

    That's not true they are still there.

    Thanks & Regards,


    sharath aluri

    Thursday, August 15, 2019 11:24 AM