Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

SharePoint: Authentication settings in Central Administration do not match the configuration in web.config


View products that this article applies to.

Symptoms

Users are not able to authenticate to a SharePoint site and receive an 'Access Denied' error.

↑ Back to the top


Cause

The authentication settings for a SharePoint site need to be aligned with the settings in the web.config for the site to work correctly. SharePoint can be configured for Windows or Claims authentication. If you are using Claims authentication (Windows claims, Forms authentication or a Trusted Identity provider), the application will be configured for Forms authentication in the web.config, along with ensuring that Anonymous Authentication and Forms Authentication are enabled in IIS configuration. Conversely; if you are using classic Windows authentication then the application will be configured for Windows along with Windows Authentication being enabled in the IIS application settings. 

These settings are configured when you make the appropriate selections during creation or configuration of the SharePoint web application, but can become out of sync. If there is a mismatch between the web.config and the settings in SharePoint, then the application will fail to authenticate and users are likely receive an 'Access Denied' error message.

↑ Back to the top


Resolution

  1. Ensure that the web.config contains the appropriate configuration information when compared to the web applications settings.
  2. Check the web application settings:
    • Navigate to Central Administration - Application Management - Manage web applications.
    • Select the web application in question
    • Click on the 'Authentication Providers' link from the ribbon
    • Choose the appropriate zone for the web application
    • The dialog box will display the type of membership provider (Windows or Claims-Based Authentication).
    • Record the name of membership provider for the specific zone in the 'Authentication Provider' dialog box.
  3. Locate the web.config file for the web application:
  4. Typically the web.config file is stored at C:\inetpub\wwwroot\wss\VirtualDirectories\Port_Number
  5. Verify the following section in the web.config file
    <configuration>
    <system.web>
    <authentication mode="" />
    </system.web>
    </configuration>
  6. If the membership provider name is Windows, then authentication mode should be set to "Windows".
  7. If the membership provider is Claims-based authentication, then the authentication mode should be set to "Forms".

↑ Back to the top


More Information

For more information about authentication methods and authentication modes that are supported by Microsoft SharePoint Server 2010, please visit
Plan authentication methods (SharePoint Server 2010)

↑ Back to the top


Keywords: kb

↑ Back to the top

Article Info
Article ID : 2655719
Revision : 1
Created on : 1/7/2017
Published on : 2/19/2014
Exists online : False
Views : 440