SharePoint 2010: Classic Mode Vs Claims Based Authentication


One of the setting that you need to pick when creating a web application in SharePoint 2010 is the Authentication type. The two options that you have are:

  • Claims Based Authentication
  • Classic Mode Authentication


Classic Mode: This is no different from the traditional AD based authentication. One contraint with classic mode is that you cannot implement “Forms Based Authetication” later on, if you want to.

Although you can convert “classic mode” to “claims based” but will have to use shell script. There is no UI available in Central Admin to do it.

Claims Based: Claims based authenticaition gives you option to autheticate users using AD as well as Form based authentication for the same web application. It’s based on Windows Identity Foundation, and can enable several advanced authentication scenarios as described in this article:

Claims based authentication would be the preferred approach for most users. Classic Mode may be selected if mandated by corporate policy or for backward compatibility. Microsoft is also showing more commitment towards broader adoption of Claims based authentication across various product lines (Azure, CRM, etc), and therefore is a better choice for any new development.

Update (November 2013): I was looking at SharePoint 2013 (Preview Version) and it seems there is no option for users to select Classic Mode Authentication when creating a new Web Application. Although this can change by the product release, it definitely is an indication of the direction that Microsoft is going, which is to encourage Claims based Authentication.

I wanted to cover these three main changes with respect to SharePoint 2013 on-premise licensing in this post, but there are other changes being introduced with respect to features and SKUs in SharePoint 2013 on-premise as well as O365 licensing.