Don’t Claim to Be Someone You are Not

In SharePoint 2010 you have the option of setting your Web Application to use Claims based security or Classic security which is the same as Windows security, aka like we did it in SharePoint 2007. While playing around with an anonymous site which was hosted within a Web App which was configured for claims I came across something interesting that I wanted to make sure you all were aware of. Although your Web Application is configured for claims your OS still uses Windows authentication, this means your AppPool and your IIS anonymous user are not using Claims.

Continue reading “Don’t Claim to Be Someone You are Not”