SharePoint: Authentication settings in Central Administration do not match the configuration in web.config

Vzťahuje sa na: Microsoft SharePoint Foundation 2010SharePoint Server 2010SharePoint 2010 For Internet Sites Standard

Symptoms


Users are not able to authenticate to a SharePoint site and receive an 'Access Denied' error.

Cause


The authentication settings for a SharePoint site need to be aligned with the settings in the web.config for the site to work correctly. SharePoint can be configured for Windows or Claims authentication. If you are using Claims authentication (Windows claims, Forms authentication or a Trusted Identity provider), the application will be configured for Forms authentication in the web.config, along with ensuring that Anonymous Authentication and Forms Authentication are enabled in IIS configuration. Conversely; if you are using classic Windows authentication then the application will be configured for Windows along with Windows Authentication being enabled in the IIS application settings. 

These settings are configured when you make the appropriate selections during creation or configuration of the SharePoint web application, but can become out of sync. If there is a mismatch between the web.config and the settings in SharePoint, then the application will fail to authenticate and users are likely receive an 'Access Denied' error message.

Resolution


  1. Ensure that the web.config contains the appropriate configuration information when compared to the web applications settings.
  2. Check the web application settings:
    • Navigate to Central Administration - Application Management - Manage web applications.
    • Select the web application in question
    • Click on the 'Authentication Providers' link from the ribbon
    • Choose the appropriate zone for the web application
    • The dialog box will display the type of membership provider (Windows or Claims-Based Authentication).
    • Record the name of membership provider for the specific zone in the 'Authentication Provider' dialog box.
  3. Locate the web.config file for the web application:
  4. Typically the web.config file is stored at C:\inetpub\wwwroot\wss\VirtualDirectories\Port_Number
  5. Verify the following section in the web.config file
    <configuration>
    <system.web>
    <authentication mode="" />
    </system.web>
    </configuration>
  6. If the membership provider name is Windows, then authentication mode should be set to "Windows".
  7. If the membership provider is Claims-based authentication, then the authentication mode should be set to "Forms".

More Information


For more information about authentication methods and authentication modes that are supported by Microsoft SharePoint Server 2010, please visit
Plan authentication methods (SharePoint Server 2010)