Export (0) Print
Expand All

Extend claims-based web applications in SharePoint 2013

 

Applies to: SharePoint Server 2013, SharePoint Foundation 2013

Topic Last Modified: 2014-02-10

Summary:Demonstrates how to extend an existing claims-based SharePoint 2013 web application into a new zone to surface content to different types of users.

You can extend a web application that uses claims-based authentication by using Central Administration or Windows PowerShell. When you extend a web application, you expose the same content to different sets of users by using an additional IIS web site to host the same content.

Use one of the following procedures to extend a web application. You typically use Central Administration to extend a web application. If you want to automate the task of extending a web application, which is common in enterprises, use Windows PowerShell. After the procedure is complete, you will have two separate IIS web sites that expose the same content to users.

NoteNote:
If you're using cross-site publishing, be careful about extending the web application. Depending on which site collection you extend the web application for, it can break the friendly URLs to your catalog items. Here’s what you should do:
  • On your authoring site, don’t extend the web application. It’ll break the friendly URLs to your catalog items. For example, the URL to your catalog item will not point to the friendly URL http://www.contoso.com/Computers/model101 but to the catalog item in your authoring site, for example http://www.contoso.com/sites/catalog/Lists/Products/DispForm.aspx?ID=1&Source=http%3A%2F%.

  • On your publishing site, if you want to extend the web application, for example to support different authentication providers, you have to extend the web application before you connect your publishing site to a catalog as described in Connect a publishing site to a catalog in SharePoint Server 2013. If you've already connected your publishing site to a catalog, do the following:

    1. Disconnect the publishing site from the catalog.

    2. Extend the web application for your publishing site.

    3. Repeat the procedure of connecting your publishing site to the catalog.



NoteNote:
The steps in this article apply to both SharePoint Foundation 2013 and SharePoint Server 2013.
Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:

Use the procedure described in this section to extend a claims-based SharePoint 2013 web application using the Central Administration.

To extend a claims-based web application by using Central Administration
  1. Verify that you have the following administrative credentials:

    • To extend a web application, you must be a member of the Farm Administrators SharePoint group and a member of the local Administrators group on the computer running Central Administration.

  2. Start SharePoint 2013 Central Administration.

    • For Windows Server 2008 R2:

      • Click Start, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Central Administration.

    • For Windows Server 2012:

      • On the Start screen, click SharePoint 2013 Central Administration.

        If SharePoint 2013 Central Administration is not on the Start screen:

      • Right-click Computer, click All apps, and then click SharePoint 2013 Central Administration.

    For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

  3. On the Central Administration Home page, in the Application Management section, click Manage web applications.

  4. Select the web application you want to extend and, in the Contribute group of the ribbon, click Extend.

  5. On the Extend Web Application to Another IIS Web Site page, in the IIS Web Site section, configure the settings for your extended web application by selecting one of the following two options:

    • Click Use an existing IIS web site, and then select the web site on which to extend your existing web application.

    • Click Create a new IIS web site, and then type the name of the web site in the Name box.

  6. In the IIS Web Site section, in the Port box, type the port number you want to use to access the web application. If you are creating a new web site, this box contains a suggested port number. If you are using an existing web site, this box contains the current port number.

    NoteNote:
    The default port number for HTTP access is 80, and the default port number for HTTPS access is 443. To enable users to access the web application without typing in a port number, use the appropriate default port number.
  7. Optional: In the IIS Web Site section, in the Host Header box, type the host name (for example, www.contoso.com) that you want to use to access the web application.

    NoteNote:
    In general, this box is empty unless you want to configure two or more IIS web sites to use port 80 on the same server and DNS has been configured to point multiple server names to the same server.
  8. In the IIS Web Site section, in the Path box, type the path to the site directory on the server. If you are creating a new web site, this box contains a suggested path. If you are using an existing web site, this box contains the current path of that web site.

  9. In the Security Configuration section, select the authentication method that you want to use for the web application and choose whether or not to use Use Secure Sockets Layer (SSL).

    ImportantImportant:
    Secure Sockets Layer (SSL) is a requirement for web applications that are deployed in scenarios that support server-to-server authentication and app authentication. For more information, see Plan for server-to-server authentication in SharePoint 2013.
    • Under Authentication provider, select NTLM or Negotiate (Kerberos).

      Kerberos is the recommended security configuration to use with Integrated Windows authentication. Kerberos requires the application pool account to be Network Service or special configuration by the domain administrator. NTLM authentication will work with any application pool account.

    • In the Security Configuration section, click Yes or No for the Use Secure Sockets Layer (SSL) options. If you choose Yes, you must request and install an SSL certificate to configure SSL. For more information about how to set up SSL, see How to Setup SSL on IIS 7.0.

  10. In the Public URL section, type the URL for the domain name for all sites that users will access in this web application. This URL will be the base URL for links on pages within the web application. The default URL is the current server name and port.

  11. In the Public URL section, select the zone to use for the web application in the drop-down menu.

  12. Click OK to extend the existing web application.

Use the procedure described in this section to extend claims-based SharePoint 2013 web application using Windows PowerShell.

To extend a claims-based web application by using Windows PowerShell
  1. Verify that you have the following memberships:

    • securityadmin fixed server role on the SQL Server instance.

    • db_owner fixed database role on all databases that are to be updated.

    • Administrators group on the server on which you are running Windows PowerShell cmdlets.

    • You must read about_Execution_Policies.

    An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 15 Products cmdlets.

    NoteNote:
    If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about Windows PowerShell permissions, see Add-SPShellAdmin.
  2. To extend a web application to the same port, but with a different host header, at the Windows PowerShell command prompt, type the following command::

    Get-SPWebApplication -Identity http://sitename | New-SPWebApplicationExtension -Name <Name> -HostHeader <HostHeader> -Zone <Zone> -URL <URL> -Port <Port> -AuthenticationProvider $ap
    

    Where:

    • <Name> is the name of the new IIS web site in the web application.

    • <HostHeader> is the hostname assigned to this zone of the web application.

    • <Zone> is the zone with which this new extension is to be associated.

    • <URL> is the public URL for this web application zone.

    • <Port> is the port on which this zone of the web application can be accessed.

    Example

    $ap = New-SPAuthenticationProvider -ASPNETRoleProviderName roleprovidername -ASPNETMembershipProvider membershipprovidername
    
    Get-SPWebApplication -Identity http://sitename | New-SPWebApplicationExtension -Name IntranetSite -HostHeader www.contoso.com -Zone Intranet -URL http://intranet.sitename.com -Port 9876 -AuthenticationProvider $ap
    

    For more information, see New-SPWebApplicationExtension.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft