SharePoint/Create a Web Application
Prerequisites
- Learn about the overview of Web Applications.
- Refer to Overview of Sharepoint's components.
- The account used for configuration must have appropriate permissions to manage SharePoint Server.
- Ensure the account has securityadmin and db_owner fixed server role on the SQL Server instance.
What you should know before continuing
Windows Classic authentication mode is not supported in SharePoint Server Subscription Edition.
This article explains how to use the SharePoint Management PowerShell to create a web application that uses claims-based authentication.
Register a managed account
The Managed accounts (actually Service accounts) are used by various farm components to operate. You need to specify a security account when creating a Web Application.
Use the following cmdlet to retrieve accounts registered in the configuration database.
Get-SPManagedAccount
If you haven’t registered an account yet, use the following cmdlet:
The cmdlet will prompt you to enter credentials for the account you want to register.
$cred = Get-Credential
New-SPManagedAccount -Credential $cred
Create a Web Application
Note:
Before using SSL, ensure the certificate is imported, for more information, refer to Certificate Management.
Open the SharePoint Management Shell as administrator, and run the following command:
$ap = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication
New-SPWebApplication -Name "<ApplicationName>" -URL "<ApplicationURL>" -Port 443 -Path "<Directory for the new Web Application>" -Certificate <A long string> -ApplicationPool "<ApplicationPoolName>" -ApplicationPoolAccount (Get-SPManagedAccount "DOMAIN\User") -DatabaseServer <Server\Instance> -DatabaseName "<ApplicationDatabaseName>" -AuthenticationProvider $ap -SecureSocketsLayer
- -Name
- Specifies the name of the new Web Application.
- -URL
- Specifies the URL for the Web Application.
- -Port
- Specifies the port on which this Web Application can be accessed. This can be any valid port number.
- -Path
- Specifies the directory for the new Web Application in the virtual directories folder.
- -Certificate
- Specifies the certificate for the Web Application. This can be in fingerprint format.
- -ApplicationPool
- Specifies the name of an application pool to use.
- -ApplicationPoolAccount
- Specifies the user account that this application pool will run as.
- -DatabaseServer
- Specifies the database server name. The format that can be used is <Server\Instance>.
- -DatabaseName
- Specifies the name of the initial content database.
- -AuthenticationProvider
- Specifies the authentication provider that applies to this Web Application.
- -SecureSocketsLayer
- Enables Secure Sockets Layer (SSL) encryption.
- -AuthenticationMethod
- Uses
KerberosorNTLMto specify the authentication method.
- Uses
The following example creates an https claims-based web application named "IT Site" with SSL, creates a new application pool named "ITSitePool" and specifies the ITHANDBOOK\itadmin account that this application pool will run as:
$ap = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication
New-SPWebApplication -Name "IT Site" -URL "https://itsite.ithandbook.org" -Port 443 -Path "C:\inetpub\wwwroot\wss\VirtualDirectories\itsite.ithandbook.org" -Certificate CDAC07497D2E691210967C681b47814EDB2A666C -ApplicationPool "ITSitePool" -ApplicationPoolAccount (Get-SPManagedAccount "ITHANDBOOK\itadmin") -DatabaseServer SP01\SharePoint -DatabaseName "ITSite" -AuthenticationProvider $ap -SecureSocketsLayer -AuthenticationMethod Kerberos
Add administrators for the Web Application
Log in to the Central Administration, and navigate to Application Management → Manage web applications.
Select a web application and click User Policy.
In the new window, click Add Users.
Select the zone if needed.
Click Next to proceed.
Search and add one or more users or groups.
Select the appropriate permissions policy.
For administrators, select Full Control.
Click Finish to close the window.
Next step
- Create a Site
- Create and configure a Site.
