You can create a Web application that uses classic mode authentication or claims-based authentication.
To create a Web application that uses claims-based authentication:
- On the Quick Launch, click Application Management.
- On the Application Management page, in the Web Applications section, click Manage web applications.
- On the Web Applications Management page, on the ribbon, click Create.
- On the Create New Web Application page, in the Authentication section, click Claims Based Authentication.
- In the IIS Web Site section, click Use an existing Web site to select a Web site that is already created, or leave Create a new IIS web site selected. The Name, Port, and Path boxes are populated with either the existing Web site’s information or with suggested settings for a new Web site. The Host Header setting is optional and may not automatically populate.
- In the Security Configuration section:
  - Under Allow anonymous, select Yes or No. If you choose to allow anonymous access, this enables anonymous access to the Web site using the computer-specific anonymous access account IUSR_<computername>, by default. If you choose not to allow anonymous access, it is disabled for all site collections in this Web application. If you choose to enable anonymous access, you can still disable it for individual site collections in this Web application.
  - Under Use Secure Sockets Layer (SSL), select Yes or No. If you choose to enable SSL for the Web site, you must configure SSL by installing an SSL certificate on all Web servers in the farm.
Important: More authentication methods are available for Web applications. You can change the type of authentication used by a Web application after it is created. To do this, on the Quick Launch, click Security. Under General Security, select Specify authentication providers, and then select a zone to open the Edit Authentication page.
- In the Identity Provider Settings section, configure one or more of the following options:
  - Select the Enable Windows Authentication check box, expand the menu, and then select either Negotiate (Kerberos or NTLM) or NTLM. Select the Basic authentication (password is sent in the clear text) check box if you want to enable basic authentication as a fallback, if Kerberos and NTLM fail.
  - Select the Enable ASP.NET Membership and Role Provider check box. In the Membership provider name box, type the name of the Membership provider that authenticates the user. In the Role manager name box, type the name of the role manager that stores role information and verifies the role or roles of authenticated users.
  - Select the Enable authentication for these Trusted Identity Providers check box, expand the menu, and then select one or more Trusted Identity Providers. This option is not available if no Trusted Identity Providers are defined. To define a Trusted Identity Provider, see Manage trusts.
- The Redirection URL section defines the URL of the logon page for users that need to be authenticated. Expand the Default URL menu, and then select one of the default pages. Alternatively, click Custom URL and type in the URL of the logon page.
- Under Client Integration, select Enable Client Integration if you want your site to be able to launch applications for users.
- In the Public URL section, in the URL box, type the Web server name that users will see in the address bar of their browser for all pages in this Web application. The Zone box is automatically set to Default for a new Web application and cannot be changed from this page. You must extend a Web application to assign a different zone.
- In the Application Pool section, you can select Use existing application pool to use an application pool that is already created, or you can choose to leave Create a new application pool selected. To select an existing application pool, expand the list, and then click the application pool that you want to use. To create a new application pool for use by this Web application, click Create new application pool, and then complete the following steps:
  - In the Application pool name box, type a name for the new application pool, or use the suggested name.
  - Under Select a security account for the application pool:
    - Select Predefined to use a system account, expand the menu, and then select the account.
    - Select Configurable to use an account that is registered as a managed account, expand the menu, and then select the account. Only accounts that are currently registered as managed accounts are listed in the menu. To register another account, click Register new managed account.
- In the Database Name and Authentication section, in the Database Server box, type the name of the database server that this Web application will use. In the Database Name box, type the name of the database that you want this Web application to use. Under Database authentication, select Windows authentication (recommended) or SQL authentication. If you select SQL authentication, in the Account box, type a user name of an account that has the credentials needed to connect to the database server, and in the Password box, type the password for that account.
- In the Failover Server section, in the Failover Database Server box, if SQL Server database mirroring is implemented, type the name of the designated failover database server. This setting may be left blank.
- The Search Server section lists the search service that is available to this new Web application. This section is not configurable.
- In the Service Application Connections section, expand the Edit the following group of associations menu, and then click the appropriate association. This setting may be left blank.
- In the Customer Experience Improvement Program section, click Yes to send program errors and information to Microsoft for use in improving this application. Click No to opt out of this program.
- To accept the settings and create the Web application, click OK. This may take a few moments. After the Web application is created, on the Application Created page, click OK to return to the Web Applications Management page.
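
The same procedure can be scripted and then checked. The following PowerShell is an added example, not part of the original page: it creates a claims-based Web application with the restrictive choices from the steps above (no anonymous access, SSL, Windows authentication without the basic-authentication fallback, a managed account for the application pool, Windows authentication to the database) and reads the resulting settings back. The URL, host header, account, server, and database names are placeholders.

```powershell
# Added example. Run in the SharePoint 2010 Management Shell as a farm administrator.
# Every name below (URL, account, servers, database) is a placeholder, not from the page.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$poolAccount = 'EXAMPLE\svc-portal-pool'   # assumed to be registered as a managed account

# Identity Provider Settings: Windows authentication only.
# -UseBasicAuthentication is deliberately not passed, so no clear-text fallback.
$ap = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication

# Application pool security account: stop here if the account is not a managed account.
$managed = Get-SPManagedAccount -Identity $poolAccount -ErrorAction Stop

$params = @{
    Name                   = 'Example Portal'
    Url                    = 'https://portal.example.test'
    HostHeader             = 'portal.example.test'
    Port                   = 443
    SecureSocketsLayer     = $true           # Use Secure Sockets Layer (SSL): Yes
    AuthenticationProvider = $ap             # supplying a provider selects claims mode
    ApplicationPool        = 'ExamplePortalAppPool'
    ApplicationPoolAccount = $managed
    DatabaseServer         = 'SQL01'
    DatabaseName           = 'WSS_Content_ExamplePortal'
    # -AllowAnonymousAccess omitted: Allow anonymous = No
    # -DatabaseCredentials omitted: Windows authentication to SQL Server
}
$wa = New-SPWebApplication @params

# Read back what was actually configured on the Default zone.
$zone = [Microsoft.SharePoint.Administration.SPUrlZone]::Default
$iis  = $wa.IisSettings[$zone]
New-Object PSObject -Property @{
    Url                 = $wa.Url
    ClaimsAuthentication = $wa.UseClaimsAuthentication
    AllowAnonymous      = $iis.AllowAnonymous
    BasicAuthentication = $iis.UseBasicAuthentication
    KerberosDisabled    = $iis.DisableKerberos
    SslBindingCount     = $iis.SecureBindings.Count
}
```

The script does not install the SSL certificate; as noted in the Security Configuration step, that still has to be done on all Web servers in the farm.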