Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

Symptoms

Users are not able to authenticate to a SharePoint site and receive an 'Access Denied' error.

Cause

The authentication settings for a SharePoint site need to be aligned with the settings in the web.config for the site to work correctly. SharePoint can be configured for Windows or Claims authentication. If you are using Claims authentication (Windows claims, Forms authentication or a Trusted Identity provider), the application will be configured for Forms authentication in the web.config, along with ensuring that Anonymous Authentication and Forms Authentication are enabled in IIS configuration. Conversely; if you are using classic Windows authentication then the application will be configured for Windows along with Windows Authentication being enabled in the IIS application settings. 

These settings are configured when you make the appropriate selections during creation or configuration of the SharePoint web application, but can become out of sync. If there is a mismatch between the web.config and the settings in SharePoint, then the application will fail to authenticate and users are likely receive an 'Access Denied' error message.

Resolution

  1. Ensure that the web.config contains the appropriate configuration information when compared to the web applications settings.

  2. Check the web application settings:

    • Navigate to Central Administration - Application Management - Manage web applications.

    • Select the web application in question

    • Click on the 'Authentication Providers' link from the ribbon

    • Choose the appropriate zone for the web application

    • The dialog box will display the type of membership provider (Windows or Claims-Based Authentication).

    • Record the name of membership provider for the specific zone in the 'Authentication Provider' dialog box.

  3. Locate the web.config file for the web application:

  4. Typically the web.config file is stored at C:\inetpub\wwwroot\wss\VirtualDirectories\Port_Number

  5. Verify the following section in the web.config file

    <configuration>
        <system.web>
          <authentication mode="" />
       </system.web>
    </configuration>

  6. If the membership provider name is Windows, then authentication mode should be set to "Windows".

  7. If the membership provider is Claims-based authentication, then the authentication mode should be set to "Forms".

More Information

For more information about authentication methods and authentication modes that are supported by Microsoft SharePoint Server 2010, please visit
Plan authentication methods (SharePoint Server 2010)

Facebook LinkedIn Email
SUBSCRIBE RSS FEEDS

Need more help?

Want more options?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×