Posts Tagged ‘Claims Provider’

When you convert a SharePoint 2013 classic-mode web application to claims-based authentication, it is important to migrate all existing users; otherwise nobody can access the application. To do this, run the following PowerShell script:

# configure the policy to enable the user to have full access:
$WebAppName = "http://yourWebAppUrl"
$wa = Get-SPWebApplication $WebAppName
$account = "yourDomain\yourUser"
# convert the account name to its encoded claims string
$account = (New-SPClaimsPrincipal -Identity $account -IdentityType 1).ToEncodedString()
# add a Full Control user policy for that account on the Default zone
$zp = $wa.ZonePolicies("Default")
$p = $zp.Add($account,"PSPolicy")
$fc = $wa.PolicyRoles.GetSpecialRole("FullControl")
$p.PolicyRoleBindings.Add($fc)
$wa.Update()
# perform user migration
$wa.MigrateUsers($true)
# perform provisioning
$wa.ProvisionGlobally()

When the script has finished, an account that was previously in the format domain\AccountName will be i:0#.w|domain\AccountName. I suggest checking the tp_Login field of the UserInfo table to confirm that all users have the new format.
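
The format check described above can be scripted. The following is an added example, not part of the original post: the function name Get-LoginFormat and the sample logins are constructed for illustration, and on a real farm the input would be the tp_Login values or the logins returned by Get-SPUser.

```powershell
# Added example: classify login names after MigrateUsers has run.
# Get-LoginFormat is a hypothetical helper; the sample data is constructed.
function Get-LoginFormat {
    param([Parameter(Mandatory)][string]$Login)

    # i:0#.w|domain\AccountName -> migrated Windows identity claim
    if ($Login -match '^i:0#\.w\|(?<domain>[^\\|]+)\\(?<user>[^\\|]+)$') {
        return [pscustomobject]@{
            Login = $Login; Format = 'WindowsClaim'
            Domain = $Matches['domain']; User = $Matches['user']
        }
    }
    # domain\AccountName with no claims prefix -> still in classic format
    if ($Login -match '^(?<domain>[^\\|:]+)\\(?<user>[^\\|]+)$') {
        return [pscustomobject]@{
            Login = $Login; Format = 'Classic'
            Domain = $Matches['domain']; User = $Matches['user']
        }
    }
    # anything else (other claim types, malformed values) needs a manual look
    return [pscustomobject]@{
        Login = $Login; Format = 'Other'; Domain = $null; User = $null
    }
}

# Constructed sample input. On a farm this could come from, for example:
#   Get-SPUser -Web "http://yourWebAppUrl" -Limit All | ForEach-Object { $_.UserLogin }
$sampleLogins = @(
    'i:0#.w|contoso\alice',         # migrated
    'contoso\bob',                  # not migrated
    'i:0#.w|contoso\sp-superuser',  # migrated
    'i:0#.w|contoso'                # malformed: no account name
)

$report = $sampleLogins | ForEach-Object { Get-LoginFormat -Login $_ }
$report | Format-Table -AutoSize

# Anything that is not a Windows claim is a candidate for access problems
$notMigrated = @($report | Where-Object { $_.Format -ne 'WindowsClaim' })
if ($notMigrated.Count -gt 0) {
    Write-Warning "$($notMigrated.Count) login(s) are not in i:0#.w| format"
    $notMigrated | Select-Object Login, Format
}
```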

You must also update the object cache user accounts, superuseraccount and superreaderaccount; otherwise you could get an access denied error when you try to access the application.

$wa.Properties["portalsuperuseraccount"] = "i:0#.w|domain\sp-superuser" 
$wa.Properties["portalsuperreaderaccount"] = "i:0#.w|domain\sp-superread"
$wa.Update()

Simone F.