创建 web 应用程序在 SharePoint 服务器中使用经典模式身份验证
**上一次修改主题:**2018-02-20
**Summary:**Learn how to create a web application that uses classic mode (Windows-classic) authentication in SharePoint Server 2016 and SharePoint Server 2013.
In SharePoint Server, claims-based authentication is the default and preferred method of user authentication and is required to take advantage of server-to-server authentication and app authentication. In 管理中心, you can only configure claims-based authentication when you manage web applications. You can also use Microsoft PowerShell cmdlets. The use of classic mode authentication, also known as Windows classic authentication, is discouraged in SharePoint Server and you can only create or configure web applications for classic mode authentication with Microsoft PowerShell cmdlets.
重要
Office Online can be used only by SharePoint Server web applications that use claims-based authentication. Office Online rendering and editing will not work on SharePoint Server web applications that use classic mode authentication. If you migrate SharePoint 2010 web applications that use classic mode authentication to SharePoint Server 2016, you must migrate them to claims-based authentication to allow them to work with Office Online. For more information, see 将 Office Web Apps 与 SharePoint 2013 一起使用.
To use Windows claims-based authentication instead (recommended), see 在 SharePoint 服务器中创建基于声明的 web 应用程序. To convert a web application that uses classic mode to use claims-based authentication, see 在 SharePoint 2013 中从经典模式身份验证迁移到基于声明的身份验证.
重要
The steps in this article apply to both SharePoint Foundation 2013 and SharePoint Server.
Before you begin
Before you perform this procedure, confirm the following:
You have determined the design of your logical architecture.
For additional information, see Logical architecture components in SharePoint Server 2013.
You have planned authentication for your web application.
For additional information, see 在 SharePoint Server 中计划用户身份验证方法.
If you use Secure Sockets Layer (SSL), you must associate the SSL certificate with the web application's IIS website after the IIS website is created. SSL is required by default for web applications that are used in server-to-server authentication and app authentication scenarios.
You understand host-named site collections.
For more information, see SharePoint Server 中以主机命名的网站集体系结构和部署.
Create a web application that uses classic mode authentication with PowerShell
Perform the following procedure to use PowerShell to create a web application that uses classic mode authentication.
To create a web application that uses classic mode authentication with PowerShell
Verify that you have the following memberships:
securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the PowerShell cmdlets.
Add memberships that are required beyond the minimums above.
An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 产品 cmdlets.
备注
If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.
Start the SharePoint Management Shell.
At the PowerShell command prompt, type the following command:
New-SPWebApplication -Name <Name> -ApplicationPool <ApplicationPool> -AuthenticationMethod <WindowsAuthType> -ApplicationPoolAccount <ApplicationPoolAccount> -Port <Port> -URL <URL>
Where:
<Name> is the name of the new web application.
<ApplicationPool> is the name of the application pool.
< WindowsAuthType > is either “NTLM” or “Kerberos”. Kerberos is recommended.
<ApplicationPoolAccount> is the user account that this application pool will run as.
<Port> is the port on which the web application will be created in IIS.
<URL> is the public URL for the web application.
Example
New-SPWebApplication -Name "Contoso Internet Site" -ApplicationPool "ContosoAppPool" -AuthenticationMethod "Kerberos" -ApplicationPoolAccount (Get-SPManagedAccount "CONTOSO\jdoe") -Port 80 -URL "https://www.contoso.com"
For more information, see New-SPWebApplication.PShell_stsadm_deprecated
After this procedure is complete, you can create one or more site collections for this web application. For more information, see 在 SharePoint Server 中创建网站集.
After you successfully create the web application, when you open the 管理中心 page, you see a health rule warning that indicates that one or more web applications is enabled with classic authentication mode. This is a reflection of our recommendation to use claims-based authentication instead of classic mode authentication.
See also
在 SharePoint Server 中计划用户身份验证方法
在 SharePoint 服务器中创建基于声明的 web 应用程序