DSCResources/MSFT_SPWebAppAuthentication/MSFT_SPWebAppAuthentication.psm1

$script:SPDscUtilModulePath = Join-Path -Path $PSScriptRoot -ChildPath '..\..\Modules\SharePointDsc.Util'
Import-Module -Name $script:SPDscUtilModulePath

function Get-TargetResource
{
    [CmdletBinding()]
    [OutputType([System.Collections.Hashtable])]
    param
    (
        [Parameter(Mandatory = $true)]
        [System.String]
        $WebAppUrl,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance[]]
        $Default,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance[]]
        $Intranet,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance[]]
        $Internet,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance[]]
        $Extranet,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance[]]
        $Custom,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance]
        $DefaultSettings,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance]
        $IntranetSettings,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance]
        $InternetSettings,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance]
        $ExtranetSettings,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance]
        $CustomSettings,

        [Parameter()]
        [System.Management.Automation.PSCredential]
        $InstallAccount
    )

    Write-Verbose -Message "Getting web application authentication for '$WebAppUrl'"

    $nullreturn = @{
        WebAppUrl        = $WebAppUrl
        Default          = $null
        Intranet         = $null
        Internet         = $null
        Extranet         = $null
        Custom           = $null
        DefaultSettings  = $null
        IntranetSettings = $null
        InternetSettings = $null
        ExtranetSettings = $null
        CustomSettings   = $null
    }

    if ($PSBoundParameters.ContainsKey("Default") -eq $false -and `
            $PSBoundParameters.ContainsKey("Intranet") -eq $false -and `
            $PSBoundParameters.ContainsKey("Internet") -eq $false -and `
            $PSBoundParameters.ContainsKey("Extranet") -eq $false -and `
            $PSBoundParameters.ContainsKey("Custom") -eq $false -and `
            $PSBoundParameters.ContainsKey("DefaultSettings") -eq $false -and `
            $PSBoundParameters.ContainsKey("IntranetSettings") -eq $false -and `
            $PSBoundParameters.ContainsKey("InternetSettings") -eq $false -and `
            $PSBoundParameters.ContainsKey("ExtranetSettings") -eq $false -and `
            $PSBoundParameters.ContainsKey("CustomSettings") -eq $false)
    {
        Write-Verbose -Message "You have to specify at least one parameter."
        return $nullreturn
    }

    if ($PSBoundParameters.ContainsKey("Default"))
    {
        $result = Test-Parameter -Zone $Default
        if ($result -eq $false)
        {
            return $nullreturn
        }
    }

    if ($PSBoundParameters.ContainsKey("Intranet"))
    {
        $result = Test-Parameter -Zone $Intranet
        if ($result -eq $false)
        {
            return $nullreturn
        }
    }

    if ($PSBoundParameters.ContainsKey("Internet"))
    {
        $result = Test-Parameter -Zone $Internet
        if ($result -eq $false)
        {
            return $nullreturn
        }
    }

    if ($PSBoundParameters.ContainsKey("Extranet"))
    {
        $result = Test-Parameter -Zone $Extranet
        if ($result -eq $false)
        {
            return $nullreturn
        }
    }

    if ($PSBoundParameters.ContainsKey("Custom"))
    {
        $result = Test-Parameter -Zone $Custom
        if ($result -eq $false)
        {
            return $nullreturn
        }
    }

    $result = Invoke-SPDscCommand -Credential $InstallAccount `
        -Arguments $PSBoundParameters `
        -ScriptBlock {
        $params = $args[0]

        $wa = Get-SPWebApplication -Identity $params.WebAppUrl -ErrorAction SilentlyContinue
        if ($null -eq $wa)
        {
            Write-Verbose -Message "Specified web application not found!"
            return @{
                WebAppUrl        = $params.WebAppUrl
                Default          = $null
                Intranet         = $null
                Internet         = $null
                Extranet         = $null
                Custom           = $null
                DefaultSettings  = $null
                IntranetSettings = $null
                InternetSettings = $null
                ExtranetSettings = $null
                CustomSettings   = $null
            }
        }

        $zones = $wa.IisSettings.Keys
        $zoneConfig = @{}
        $zoneSettings = @{}

        foreach ($zone in $zones)
        {
            $zoneName = $zone.ToString()
            $zoneConfig.$zoneName = @()
            $zoneSettings.$zoneName = ""

            Write-Verbose -Message "Getting Zone Settings for zone '$zone'"
            $settings = @{
                AnonymousAuthentication    = $wa.IisSettings[$zone].AllowAnonymous
                CustomSignInPage           = $wa.IisSettings[$zone].ClaimsAuthenticationRedirectionUrl
                EnableClientIntegration    = $wa.IisSettings[$zone].EnableClientIntegration
                RequireUseRemoteInterfaces = $wa.IisSettings[$zone].ClientObjectModelRequiresUseRemoteAPIsPermission
            }

            $zoneSettings.$zoneName = $settings

            Write-Verbose -Message "Getting Authentication Methods for zone '$zone'"
            $authProviders = Get-SPAuthenticationProvider -WebApplication $params.WebAppUrl -Zone $zone
            if ($null -eq $authProviders)
            {
                $provider = @{
                    AuthenticationMethod   = "Classic"
                    WindowsAuthMethod      = $null
                    UseBasicAuth           = $null
                    AuthenticationProvider = $null
                    MembershipProvider     = $null
                    RoleProvider           = $null
                }

                $zoneConfig.$zoneName += $provider
            }
            else
            {
                foreach ($authProvider in $authProviders)
                {
                    $localAuthMode = $null
                    $windowsAuthMethod = $null
                    $basicAuth = $null
                    $authenticationProvider = $null
                    $roleProvider = $null
                    $membershipProvider = $null

                    if ($authProvider.ClaimProviderName -eq 'AD')
                    {
                        $localAuthMode = "WindowsAuthentication"
                        if ($authProvider.DisableKerberos -eq $true)
                        {
                            $windowsAuthMethod = "NTLM"
                        }
                        else
                        {
                            $windowsAuthMethod = "Kerberos"
                        }

                        if ($authProvider.UseBasicAuthentication -eq $true)
                        {
                            $basicAuth = $true
                        }
                        else
                        {
                            $basicAuth = $false
                        }
                    }
                    elseif ($authProvider.ClaimProviderName -eq 'Forms')
                    {
                        $localAuthMode = "FBA"
                        $roleProvider = $authProvider.RoleProvider
                        $membershipProvider = $authProvider.MembershipProvider
                    }
                    else
                    {
                        $localAuthMode = "Federated"
                        $authenticationProvider = $authProvider.DisplayName
                    }

                    $provider = @{
                        AuthenticationMethod   = $localAuthMode
                        WindowsAuthMethod      = $windowsAuthMethod
                        UseBasicAuth           = $basicAuth
                        AuthenticationProvider = $authenticationProvider
                        MembershipProvider     = $membershipProvider
                        RoleProvider           = $roleProvider
                    }

                    $zoneConfig.$zoneName += $provider
                }
            }
        }

        return @{
            WebAppUrl        = $params.WebAppUrl
            Default          = $zoneConfig.Default
            Intranet         = $zoneConfig.Intranet
            Internet         = $zoneConfig.Internet
            Extranet         = $zoneConfig.Extranet
            Custom           = $zoneConfig.Custom
            DefaultSettings  = $zoneSettings.Default
            IntranetSettings = $zoneSettings.Intranet
            InternetSettings = $zoneSettings.Internet
            ExtranetSettings = $zoneSettings.Extranet
            CustomSettings   = $zoneSettings.Custom
        }
    }
    return $result
}

function Set-TargetResource
{
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory = $true)]
        [System.String]
        $WebAppUrl,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance[]]
        $Default,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance[]]
        $Intranet,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance[]]
        $Internet,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance[]]
        $Extranet,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance[]]
        $Custom,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance]
        $DefaultSettings,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance]
        $IntranetSettings,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance]
        $InternetSettings,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance]
        $ExtranetSettings,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance]
        $CustomSettings,

        [Parameter()]
        [System.Management.Automation.PSCredential]
        $InstallAccount
    )

    Write-Verbose -Message "Setting web application authentication for '$WebAppUrl'"

    # Test is at least one zone is specified
    if ($PSBoundParameters.ContainsKey("Default") -eq $false -and `
            $PSBoundParameters.ContainsKey("Intranet") -eq $false -and `
            $PSBoundParameters.ContainsKey("Internet") -eq $false -and `
            $PSBoundParameters.ContainsKey("Extranet") -eq $false -and `
            $PSBoundParameters.ContainsKey("Custom") -eq $false -and `
            $PSBoundParameters.ContainsKey("DefaultSettings") -eq $false -and `
            $PSBoundParameters.ContainsKey("IntranetSettings") -eq $false -and `
            $PSBoundParameters.ContainsKey("InternetSettings") -eq $false -and `
            $PSBoundParameters.ContainsKey("ExtranetSettings") -eq $false -and `
            $PSBoundParameters.ContainsKey("CustomSettings") -eq $false)
    {
        $message = "You have to specify at least one parameter."
        Add-SPDscEvent -Message $message `
            -EntryType 'Error' `
            -EventID 100 `
            -Source $MyInvocation.MyCommand.Source
        throw $message
    }

    # Perform test on specified configurations for each zone
    if ($PSBoundParameters.ContainsKey("Default"))
    {
        Test-Parameter -Zone $Default -Exception
    }

    if ($PSBoundParameters.ContainsKey("Intranet"))
    {
        Test-Parameter -Zone $Intranet -Exception
    }

    if ($PSBoundParameters.ContainsKey("Internet"))
    {
        Test-Parameter -Zone $Internet -Exception
    }

    if ($PSBoundParameters.ContainsKey("Extranet"))
    {
        Test-Parameter -Zone $Extranet -Exception
    }

    if ($PSBoundParameters.ContainsKey("Custom"))
    {
        Test-Parameter -Zone $Custom -Exception
    }

    # Get current authentication method
    $authMethod = Invoke-SPDscCommand -Credential $InstallAccount `
        -Arguments @($PSBoundParameters, $MyInvocation.MyCommand.Source) `
        -ScriptBlock {
        $params = $args[0]
        $eventSource = $args[1]

        $wa = Get-SPWebApplication -Identity $params.WebAppUrl -ErrorAction SilentlyContinue
        if ($null -eq $wa)
        {
            $message = "Specified Web Application $($params.WebAppUrl) does not exist"
            Add-SPDscEvent -Message $message `
                -EntryType 'Error' `
                -EventID 100 `
                -Source $eventSource
            throw $message
        }

        $authProviders = Get-SPAuthenticationProvider -WebApplication $params.WebAppUrl -Zone Default
        if ($null -eq $authProviders)
        {
            return "Classic"
        }
        else
        {
            return "Claims"
        }
    }

    # Check if web application is configured as Classic, but the config specifies a Claim model
    # This resource does not support Classic to Claims conversion.
    if ($authMethod -eq "Classic")
    {
        if ($PSBoundParameters.ContainsKey("Default"))
        {
            Test-ZoneIsNotClassic -Zone $Default
        }

        if ($PSBoundParameters.ContainsKey("Intranet"))
        {
            Test-ZoneIsNotClassic -Zone $Intranet
        }

        if ($PSBoundParameters.ContainsKey("Internet"))
        {
            Test-ZoneIsNotClassic -Zone $Internet
        }

        if ($PSBoundParameters.ContainsKey("Extranet"))
        {
            Test-ZoneIsNotClassic -Zone $Extranet
        }

        if ($PSBoundParameters.ContainsKey("Custom"))
        {
            Test-ZoneIsNotClassic -Zone $Custom
        }
    }

    $CurrentValues = Get-TargetResource @PSBoundParameters

    if ($Default)
    {
        # Test if current config matches desired config
        Write-Verbose -Message "Testing Authentication for Default zone"
        $result = Test-ZoneConfiguration -DesiredConfig $Default `
            -CurrentConfig $CurrentValues.Default

        # If that is the case, set desired config.
        if ($result -eq $false)
        {
            Write-Verbose -Message "Correcting Authentication for Default zone"
            Set-ZoneConfiguration -WebAppUrl $WebAppUrl -Zone "Default" -DesiredConfig $Default
        }
    }

    if ($DefaultSettings)
    {
        # Test if current config matches desired config
        Write-Verbose -Message "Testing Settings for Default zone"
        $result = Test-ZoneSettings -DesiredSettings $DefaultSettings `
            -CurrentSettings $CurrentValues.DefaultSettings

        # If that is the case, set desired config.
        if ($result -eq $false)
        {
            Write-Verbose -Message "Correcting Settings for Default zone"
            Set-ZoneSettings -WebAppUrl $WebAppUrl -Zone "Default" -DesiredSettings $DefaultSettings
        }
    }

    if ($Intranet)
    {
        # Check if specified zone exists
        if ($null -eq $CurrentValues.Intranet)
        {
            $message = "Specified zone Intranet does not exist"
            Add-SPDscEvent -Message $message `
                -EntryType 'Error' `
                -EventID 100 `
                -Source $MyInvocation.MyCommand.Source
            throw $message
        }

        # Test if current config matches desired config
        Write-Verbose -Message "Testing Authentication for Intranet zone"
        $result = Test-ZoneConfiguration -DesiredConfig $Intranet `
            -CurrentConfig $CurrentValues.Intranet

        # If that is the case, set desired config.
        if ($result -eq $false)
        {
            Write-Verbose -Message "Correcting Authentication for Intranet zone"
            Set-ZoneConfiguration -WebAppUrl $WebAppUrl -Zone "Intranet" -DesiredConfig $Intranet
        }
    }

    if ($IntranetSettings)
    {
        # Check if specified zone exists
        if ($null -eq $CurrentValues.IntranetSettings)
        {
            $message = "Specified zone Intranet does not exist"
            Add-SPDscEvent -Message $message `
                -EntryType 'Error' `
                -EventID 100 `
                -Source $MyInvocation.MyCommand.Source
            throw $message
        }

        # Test if current config matches desired config
        Write-Verbose -Message "Testing Settings for Intranet zone"
        $result = Test-ZoneSettings -DesiredSettings $IntranetSettings `
            -CurrentSettings $CurrentValues.IntranetSettings

        # If that is the case, set desired config.
        if ($result -eq $false)
        {
            Write-Verbose -Message "Correcting Settings for Intranet zone"
            Set-ZoneSettings -WebAppUrl $WebAppUrl -Zone "Intranet" -DesiredSettings $IntranetSettings
        }
    }

    if ($Internet)
    {
        # Check if specified zone exists
        if ($null -eq $CurrentValues.Internet)
        {
            $message = "Specified zone Internet does not exist"
            Add-SPDscEvent -Message $message `
                -EntryType 'Error' `
                -EventID 100 `
                -Source $MyInvocation.MyCommand.Source
            throw $message
        }

        # Test if current config matches desired config
        Write-Verbose -Message "Testing Authentication for Internet zone"
        $result = Test-ZoneConfiguration -DesiredConfig $Internet `
            -CurrentConfig $CurrentValues.Internet

        # If that is the case, set desired config.
        if ($result -eq $false)
        {
            Write-Verbose -Message "Correcting Authentication for Internet zone"
            Set-ZoneConfiguration -WebAppUrl $WebAppUrl -Zone "Internet" -DesiredConfig $Internet
        }
    }

    if ($InternetSettings)
    {
        # Check if specified zone exists
        if ($null -eq $CurrentValues.InternetSettings)
        {
            $message = "Specified zone Internet does not exist"
            Add-SPDscEvent -Message $message `
                -EntryType 'Error' `
                -EventID 100 `
                -Source $MyInvocation.MyCommand.Source
            throw $message
        }

        # Test if current config matches desired config
        Write-Verbose -Message "Testing Settings for Internet zone"
        $result = Test-ZoneSettings -DesiredSettings $InternetSettings `
            -CurrentSettings $CurrentValues.InternetSettings

        # If that is the case, set desired config.
        if ($result -eq $false)
        {
            Write-Verbose -Message "Correcting Settings for Internet zone"
            Set-ZoneSettings -WebAppUrl $WebAppUrl -Zone "Internet" -DesiredSettings $InternetSettings
        }
    }

    if ($Extranet)
    {
        # Check if specified zone exists
        if ($null -eq $CurrentValues.Extranet)
        {
            $message = "Specified zone Extranet does not exist"
            Add-SPDscEvent -Message $message `
                -EntryType 'Error' `
                -EventID 100 `
                -Source $MyInvocation.MyCommand.Source
            throw $message
        }

        # Test if current config matches desired config
        Write-Verbose -Message "Testing Authentication for Extranet zone"
        $result = Test-ZoneConfiguration -DesiredConfig $Extranet `
            -CurrentConfig $CurrentValues.Extranet

        # If that is the case, set desired config.
        if ($result -eq $false)
        {
            Write-Verbose -Message "Correcting Authentication for Extranet zone"
            Set-ZoneConfiguration -WebAppUrl $WebAppUrl -Zone "Extranet" -DesiredConfig $Extranet
        }
    }

    if ($ExtranetSettings)
    {
        # Check if specified zone exists
        if ($null -eq $CurrentValues.ExtranetSettings)
        {
            $message = "Specified zone Extranet does not exist"
            Add-SPDscEvent -Message $message `
                -EntryType 'Error' `
                -EventID 100 `
                -Source $MyInvocation.MyCommand.Source
            throw $message
        }

        # Test if current config matches desired config
        Write-Verbose -Message "Testing Settings for Extranet zone"
        $result = Test-ZoneSettings -DesiredSettings $ExtranetSettings `
            -CurrentSettings $CurrentValues.ExtranetSettings

        # If that is the case, set desired config.
        if ($result -eq $false)
        {
            Write-Verbose -Message "Correcting Settings for Extranet zone"
            Set-ZoneSettings -WebAppUrl $WebAppUrl -Zone "Extranet" -DesiredSettings $ExtranetSettings
        }
    }

    if ($Custom)
    {
        # Check if specified zone exists
        if ($null -eq $CurrentValues.Custom)
        {
            $message = "Specified zone Custom does not exist"
            Add-SPDscEvent -Message $message `
                -EntryType 'Error' `
                -EventID 100 `
                -Source $MyInvocation.MyCommand.Source
            throw $message
        }

        # Test if current config matches desired config
        Write-Verbose -Message "Testing Authentication for Custom zone"
        $result = Test-ZoneConfiguration -DesiredConfig $Custom `
            -CurrentConfig $CurrentValues.Custom

        # If that is the case, set desired config.
        if ($result -eq $false)
        {
            Write-Verbose -Message "Correcting Authentication for Custom zone"
            Set-ZoneConfiguration -WebAppUrl $WebAppUrl -Zone "Custom" -DesiredConfig $Custom
        }
    }

    if ($CustomSettings)
    {
        # Check if specified zone exists
        if ($null -eq $CurrentValues.CustomSettings)
        {
            $message = "Specified zone Custom does not exist"
            Add-SPDscEvent -Message $message `
                -EntryType 'Error' `
                -EventID 100 `
                -Source $MyInvocation.MyCommand.Source
            throw $message
        }

        # Test if current config matches desired config
        Write-Verbose -Message "Testing Settings for Custom zone"
        $result = Test-ZoneSettings -DesiredSettings $CustomSettings `
            -CurrentSettings $CurrentValues.CustomSettings

        # If that is the case, set desired config.
        if ($result -eq $false)
        {
            Write-Verbose -Message "Correcting Settings for Custom zone"
            Set-ZoneSettings -WebAppUrl $WebAppUrl -Zone "Custom" -DesiredSettings $CustomSettings
        }
    }
}

function Test-TargetResource
{
    [CmdletBinding()]
    [OutputType([System.Boolean])]
    param
    (
        [Parameter(Mandatory = $true)]
        [System.String]
        $WebAppUrl,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance[]]
        $Default,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance[]]
        $Intranet,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance[]]
        $Internet,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance[]]
        $Extranet,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance[]]
        $Custom,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance]
        $DefaultSettings,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance]
        $IntranetSettings,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance]
        $InternetSettings,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance]
        $ExtranetSettings,

        [Parameter()]
        [Microsoft.Management.Infrastructure.CimInstance]
        $CustomSettings,

        [Parameter()]
        [System.Management.Automation.PSCredential]
        $InstallAccount
    )

    Write-Verbose -Message "Testing web application authentication for '$WebAppUrl'"

    $CurrentValues = Get-TargetResource @PSBoundParameters

    Write-Verbose -Message "Current Values: $(Convert-SPDscHashtableToString -Hashtable $CurrentValues)"
    Write-Verbose -Message "Target Values: $(Convert-SPDscHashtableToString -Hashtable $PSBoundParameters)"

    if ($null -eq $CurrentValues.Default -and `
            $null -eq $CurrentValues.Intranet -and `
            $null -eq $CurrentValues.Internet -and `
            $null -eq $CurrentValues.Extranet -and `
            $null -eq $CurrentValues.Custom -and `
            $null -eq $CurrentValues.DefaultSettings -and `
            $null -eq $CurrentValues.IntranetSettings -and `
            $null -eq $CurrentValues.InternetSettings -and `
            $null -eq $CurrentValues.ExtranetSettings -and `
            $null -eq $CurrentValues.CustomSettings)
    {
        Write-Verbose -Message "Test-TargetResource returned false"
        return $false
    }

    if ($Default)
    {
        Write-Verbose -Message "Testing Authentication for Default zone"
        $result = Test-ZoneConfiguration -DesiredConfig $Default `
            -CurrentConfig $CurrentValues.Default `
            -ZoneName "Default"

        if ($result -eq $false)
        {
            Write-Verbose -Message "Parameter Default does not match Desired values"
            Write-Verbose -Message "Test-TargetResource returned false"
            return $false
        }
    }

    if ($DefaultSettings)
    {
        Write-Verbose -Message "Testing Settings for Default zone"
        $result = Test-ZoneSettings -DesiredSettings $DefaultSettings `
            -CurrentSettings $CurrentValues.DefaultSettings `
            -ZoneName "Default"

        if ($result -eq $false)
        {
            Write-Verbose -Message "Parameter DefaultSettings does not match Desired values"
            Write-Verbose -Message "Test-TargetResource returned false"
            return $false
        }
    }

    if ($Intranet)
    {
        Write-Verbose -Message "Testing Authentication for Intranet zone"
        if ($null -eq $CurrentValues.Intranet)
        {
            $message = "Specified zone Intranet does not exist"
            Add-SPDscEvent -Message $message `
                -EntryType 'Error' `
                -EventID 100 `
                -Source $MyInvocation.MyCommand.Source
            throw $message
        }

        $result = Test-ZoneConfiguration -DesiredConfig $Intranet `
            -CurrentConfig $CurrentValues.Intranet `
            -ZoneName "Intranet"

        if ($result -eq $false)
        {
            Write-Verbose -Message "Parameter Intranet does not match Desired values"
            Write-Verbose -Message "Test-TargetResource returned false"
            return $false
        }
    }

    if ($IntranetSettings)
    {
        Write-Verbose -Message "Testing Settings for Intranet zone"
        if ($null -eq $CurrentValues.IntranetSettings)
        {
            $message = "Specified zone Intranet does not exist"
            Add-SPDscEvent -Message $message `
                -EntryType 'Error' `
                -EventID 100 `
                -Source $MyInvocation.MyCommand.Source
            throw $message
        }

        $result = Test-ZoneSettings -DesiredSettings $IntranetSettings `
            -CurrentSettings $CurrentValues.IntranetSettings `
            -ZoneName "Intranet"

        if ($result -eq $false)
        {
            Write-Verbose -Message "Parameter IntranetSettings does not match Desired values"
            Write-Verbose -Message "Test-TargetResource returned false"
            return $false
        }
    }

    if ($Internet)
    {
        Write-Verbose -Message "Testing Authentication for Internet zone"
        if ($null -eq $CurrentValues.Internet)
        {
            $message = "Specified zone Internet does not exist"
            Add-SPDscEvent -Message $message `
                -EntryType 'Error' `
                -EventID 100 `
                -Source $MyInvocation.MyCommand.Source
            throw $message
        }

        $result = Test-ZoneConfiguration -DesiredConfig $Internet `
            -CurrentConfig $CurrentValues.Internet `
            -ZoneName "Internet"

        if ($result -eq $false)
        {
            Write-Verbose -Message "Parameter Internet does not match Desired values"
            Write-Verbose -Message "Test-TargetResource returned false"
            return $false
        }
    }

    if ($InternetSettings)
    {
        Write-Verbose -Message "Testing Settings for Internet zone"
        if ($null -eq $CurrentValues.InternetSettings)
        {
            $message = "Specified zone Internet does not exist"
            Add-SPDscEvent -Message $message `
                -EntryType 'Error' `
                -EventID 100 `
                -Source $MyInvocation.MyCommand.Source
            throw $message
        }

        $result = Test-ZoneSettings -DesiredSettings $InternetSettings `
            -CurrentSettings $CurrentValues.InternetSettings `
            -ZoneName "Internet"

        if ($result -eq $false)
        {
            Write-Verbose -Message "Parameter InternetSettings does not match Desired values"
            Write-Verbose -Message "Test-TargetResource returned false"
            return $false
        }
    }

    if ($Extranet)
    {
        Write-Verbose -Message "Testing Authentication for Extranet zone"
        if ($null -eq $CurrentValues.Extranet)
        {
            $message = "Specified zone Extranet does not exist"
            Add-SPDscEvent -Message $message `
                -EntryType 'Error' `
                -EventID 100 `
                -Source $MyInvocation.MyCommand.Source
            throw $message
        }

        $result = Test-ZoneConfiguration -DesiredConfig $Extranet `
            -CurrentConfig $CurrentValues.Extranet `
            -ZoneName "Extranet"

        if ($result -eq $false)
        {
            Write-Verbose -Message "Parameter Extranet does not match Desired values"
            Write-Verbose -Message "Test-TargetResource returned false"
            return $false
        }
    }

    if ($ExtranetSettings)
    {
        Write-Verbose -Message "Testing Settings for Extranet zone"
        if ($null -eq $CurrentValues.ExtranetSettings)
        {
            $message = "Specified zone Extranet does not exist"
            Add-SPDscEvent -Message $message `
                -EntryType 'Error' `
                -EventID 100 `
                -Source $MyInvocation.MyCommand.Source
            throw $message
        }

        $result = Test-ZoneSettings -DesiredSettings $ExtranetSettings `
            -CurrentSettings $CurrentValues.ExtranetSettings `
            -ZoneName "Extranet"

        if ($result -eq $false)
        {
            Write-Verbose -Message "Parameter ExtranetSettings does not match Desired values"
            Write-Verbose -Message "Test-TargetResource returned false"
            return $false
        }
    }

    if ($Custom)
    {
        Write-Verbose -Message "Testing Authentication for Custom zone"
        if ($null -eq $CurrentValues.Custom)
        {
            $message = "Specified zone Custom does not exist"
            Add-SPDscEvent -Message $message `
                -EntryType 'Error' `
                -EventID 100 `
                -Source $MyInvocation.MyCommand.Source
            throw $message
            Write-Verbose -Message "Test-TargetResource returned false"
        }

        $result = Test-ZoneConfiguration -DesiredConfig $Custom `
            -CurrentConfig $CurrentValues.Custom `
            -ZoneName "Custom"

        if ($result -eq $false)
        {
            Write-Verbose -Message "Parameter Custom does not match Desired values"
            Write-Verbose -Message "Test-TargetResource returned false"
            return $false
        }
    }

    if ($CustomSettings)
    {
        Write-Verbose -Message "Testing Settings for Custom zone"
        if ($null -eq $CurrentValues.CustomSettings)
        {
            $message = "Specified zone Custom does not exist"
            Add-SPDscEvent -Message $message `
                -EntryType 'Error' `
                -EventID 100 `
                -Source $MyInvocation.MyCommand.Source
            throw $message
            Write-Verbose -Message "Test-TargetResource returned false"
        }

        $result = Test-ZoneSettings -DesiredSettings $CustomSettings `
            -CurrentSettings $CurrentValues.CustomSettings `
            -ZoneName "Custom"

        if ($result -eq $false)
        {
            Write-Verbose -Message "Parameter CustomSettings does not match Desired values"
            Write-Verbose -Message "Test-TargetResource returned false"
            return $false
        }
    }

    Write-Verbose -Message "Test-TargetResource returned true"
    return $true
}

Export-ModuleMember -Function *-TargetResource

function Test-Parameter()
{
    param (
        [Parameter(Mandatory = $true)]
        $Zone,

        [Parameter()]
        [switch]
        $Exception
    )

    foreach ($zoneConfig in $Zone)
    {
        $authProviderUsed = $false
        $winAuthMethodUsed = $false
        $useBasicAuthUsed = $false
        $membProviderUsed = $false
        $roleProviderUsed = $false
        # Check if the config contains the AuthenticationProvider Property
        $prop = $zoneConfig.CimInstanceProperties | Where-Object -FilterScript {
            $_.Name -eq "AuthenticationProvider"
        }
        if ($null -ne $prop.Value)
        {
            $authProviderUsed = $true
        }

        # Check if the config contains the MembershipProvider Property
        $prop = $zoneConfig.CimInstanceProperties | Where-Object -FilterScript {
            $_.Name -eq "MembershipProvider"
        }
        if ($null -ne $prop.Value)
        {
            $membProviderUsed = $true
        }

        # Check if the config contains the WindowsAuthMethod Property
        $prop = $zoneConfig.CimInstanceProperties | Where-Object -FilterScript {
            $_.Name -eq "WindowsAuthMethod"
        }
        if ($null -ne $prop.Value)
        {
            $winAuthMethodUsed = $true
        }

        # Check if the config contains the UseBasicAuth Property
        $prop = $zoneConfig.CimInstanceProperties | Where-Object -FilterScript {
            $_.Name -eq "UseBasicAuth"
        }
        if ($null -ne $prop.Value)
        {
            $useBasicAuthUsed = $true
        }

        # Check if the config contains the MembershipProvider Property
        $prop = $zoneConfig.CimInstanceProperties | Where-Object -FilterScript {
            $_.Name -eq "MembershipProvider"
        }
        if ($null -ne $prop.Value)
        {
            $membProviderUsed = $true
        }

        # Check if the config contains the RoleProvider Property
        $prop = $zoneConfig.CimInstanceProperties | Where-Object -FilterScript {
            $_.Name -eq "RoleProvider"
        }
        if ($null -ne $prop.Value)
        {
            $roleProviderUsed = $true
        }

        switch ($zoneConfig.AuthenticationMethod)
        {
            "Classic"
            {
                $InstalledVersion = Get-SPDscInstalledProductVersion
                if ($InstalledVersion.FileMajorPart -ge 16)
                {
                    Write-Verbose ("AuthenticationMethod is set to Classic. Please note this " + `
                            "is unsupported for Production use in SharePoint 2016 and later")
                }
            }
            "WindowsAuthentication"
            {
                if ($winAuthMethodUsed -eq $false)
                {
                    $message = "You have to specify WindowsAuthMethod when " + `
                        "using WindowsAuthentication"
                    if ($Exception)
                    {
                        Add-SPDscEvent -Message $message `
                            -EntryType 'Error' `
                            -EventID 100 `
                            -Source $MyInvocation.MyCommand.Source
                        throw $message
                    }
                    else
                    {
                        Write-Verbose -Message $message
                        return $false
                    }
                }

                if ($authProviderUsed -eq $true -or `
                        $membProviderUsed -eq $true -or `
                        $roleProviderUsed -eq $true)
                {
                    $message = "You cannot use AuthenticationProvider, MembershipProvider " + `
                        "or RoleProvider when using WindowsAuthentication"
                    if ($Exception)
                    {
                        Add-SPDscEvent -Message $message `
                            -EntryType 'Error' `
                            -EventID 100 `
                            -Source $MyInvocation.MyCommand.Source
                        throw $message
                    }
                    else
                    {
                        Write-Verbose -Message $message
                        return $false
                    }
                }
            }
            "FBA"
            {
                if ($membProviderUsed -eq $false -or `
                        $roleProviderUsed -eq $false)
                {
                    $message = "You have to specify MembershipProvider and " + `
                        "RoleProvider when using FBA"
                    if ($Exception)
                    {
                        Add-SPDscEvent -Message $message `
                            -EntryType 'Error' `
                            -EventID 100 `
                            -Source $MyInvocation.MyCommand.Source
                        throw $message
                    }
                    else
                    {
                        Write-Verbose -Message $message
                        return $false
                    }
                }

                if ($winAuthMethodUsed -eq $true -or `
                        $useBasicAuthUsed -eq $true)
                {
                    $message = "You cannot use WindowsAuthMethod or UseBasicAuth " + `
                        "when using FBA"
                    if ($Exception)
                    {
                        Add-SPDscEvent -Message $message `
                            -EntryType 'Error' `
                            -EventID 100 `
                            -Source $MyInvocation.MyCommand.Source
                        throw $message
                    }
                    else
                    {
                        Write-Verbose -Message $message
                        return $false
                    }
                }

                if ($authProviderUsed -eq $true)
                {
                    $message = "You cannot use AuthenticationProvider when " + `
                        "using FBA"
                    if ($Exception)
                    {
                        Add-SPDscEvent -Message $message `
                            -EntryType 'Error' `
                            -EventID 100 `
                            -Source $MyInvocation.MyCommand.Source
                        throw $message
                    }
                    else
                    {
                        Write-Verbose -Message $message
                        return $false
                    }
                }
            }
            "Federated"
            {
                if ($membProviderUsed -eq $true -or `
                        $roleProviderUsed -eq $true)
                {
                    $message = "You cannot use MembershipProvider or " + `
                        "RoleProvider when using Federated"
                    if ($Exception)
                    {
                        Add-SPDscEvent -Message $message `
                            -EntryType 'Error' `
                            -EventID 100 `
                            -Source $MyInvocation.MyCommand.Source
                        throw $message
                    }
                    else
                    {
                        Write-Verbose -Message $message
                        return $false
                    }
                }

                if ($winAuthMethodUsed -eq $true -or `
                        $useBasicAuthUsed -eq $true)
                {
                    $message = "You cannot use WindowsAuthMethod or UseBasicAuth " + `
                        "when using Federated"
                    if ($Exception)
                    {
                        Add-SPDscEvent -Message $message `
                            -EntryType 'Error' `
                            -EventID 100 `
                            -Source $MyInvocation.MyCommand.Source
                        throw $message
                    }
                    else
                    {
                        Write-Verbose -Message $message
                        return $false
                    }
                }

                if ($authProviderUsed -eq $false)
                {
                    $message = "You have to specify AuthenticationProvider when " + `
                        "using Federated"
                    if ($Exception)
                    {
                        Add-SPDscEvent -Message $message `
                            -EntryType 'Error' `
                            -EventID 100 `
                            -Source $MyInvocation.MyCommand.Source
                        throw $message
                    }
                    else
                    {
                        Write-Verbose -Message $message
                        return $false
                    }
                }

            }
        }
    }
    if (-not $Exception)
    {
        return $true
    }
}

function Test-ZoneIsNotClassic()
{
    param (
        [Parameter(Mandatory = $true)]
        $Zone
    )

    foreach ($desiredAuth in $Zone)
    {
        if ($desiredAuth.AuthenticationMethod -ne "Classic")
        {
            $message = ("Specified Web Application is using Classic Authentication and " + `
                    "Claims Authentication is specified. Please use " + `
                    "Convert-SPWebApplication first!")
            Add-SPDscEvent -Message $message `
                -EntryType 'Error' `
                -EventID 100 `
                -Source $MyInvocation.MyCommand.Source
            throw $message
        }
    }
}

function Set-ZoneConfiguration()
{
    param (
        [Parameter(Mandatory = $true)]
        [System.String]
        $WebAppUrl,

        [Parameter(Mandatory = $true)]
        [ValidateSet("Default", "Intranet", "Internet", "Extranet", "Custom")]
        [System.String]
        $Zone,

        [Parameter(Mandatory = $true)]
        [Microsoft.Management.Infrastructure.CimInstance[]]
        $DesiredConfig
    )

    Invoke-SPDscCommand -Credential $InstallAccount `
        -Arguments @($PSBoundParameters, $MyInvocation.MyCommand.Source) `
        -ScriptBlock {
        $params = $args[0]
        $eventSource = $args[1]

        $ap = @()

        foreach ($zoneConfig in $params.DesiredConfig)
        {
            switch ($zoneConfig.AuthenticationMethod)
            {
                "WindowsAuthentication"
                {
                    $apParams = @{
                        UseWindowsIntegratedAuthentication = $true
                    }

                    if ($zoneConfig.WindowsAuthMethod -eq "Kerberos")
                    {
                        $apParams.DisableKerberos = $false
                    }

                    if ($zoneConfig.UseBasicAuth -eq $true)
                    {
                        $apParams.UseBasicAuthentication = $true
                    }

                    $newap = New-SPAuthenticationProvider @apParams
                }
                "FBA"
                {
                    $newap = New-SPAuthenticationProvider -ASPNETMembershipProvider $zoneConfig.MembershipProvider `
                        -ASPNETRoleProviderName $zoneConfig.RoleProvider
                }
                "Federated"
                {
                    $tokenIssuer = Get-SPTrustedIdentityTokenIssuer -Identity $zoneConfig.AuthenticationProvider `
                        -ErrorAction SilentlyContinue
                    if ($null -eq $tokenIssuer)
                    {
                        $message = ("Specified AuthenticationProvider $($zoneConfig.AuthenticationProvider) " + `
                                "does not exist")
                        Add-SPDscEvent -Message $message `
                            -EntryType 'Error' `
                            -EventID 100 `
                            -Source $eventSource
                        throw $message
                    }
                    $newap = New-SPAuthenticationProvider -TrustedIdentityTokenIssuer $tokenIssuer
                }
            }
            $ap += $newap
        }

        Set-SPWebApplication -Identity $params.WebAppUrl -Zone $params.Zone -AuthenticationProvider $ap
    }
}

function Set-ZoneSettings()
{
    param (
        [Parameter(Mandatory = $true)]
        [System.String]
        $WebAppUrl,

        [Parameter(Mandatory = $true)]
        [ValidateSet("Default", "Intranet", "Internet", "Extranet", "Custom")]
        [System.String]
        $Zone,

        [Parameter(Mandatory = $true)]
        [Microsoft.Management.Infrastructure.CimInstance]
        $DesiredSettings
    )

    Invoke-SPDscCommand -Credential $InstallAccount `
        -Arguments $PSBoundParameters `
        -ScriptBlock {
        $params = $args[0]

        $wa = Get-SPWebApplication -Identity $params.WebAppUrl

        #Anonymous Authentication: True/False
        $prop = $params.DesiredSettings.CimInstanceProperties | Where-Object -FilterScript {
            $_.Name -eq "AnonymousAuthentication"
        }
        if ($null -ne $prop.Value)
        {
            Write-Verbose -Message ("Updating AnonymousAuthentication to " + `
                    "$($params.DesiredSettings.AnonymousAuthentication) for zone $($params.Zone)")
            $wa.IisSettings[$params.Zone].AllowAnonymous = $params.DesiredSettings.AnonymousAuthentication
        }

        #Custom Sign In Page (Empty string for default, URL for custom)
        $prop = $params.DesiredSettings.CimInstanceProperties | Where-Object -FilterScript {
            $_.Name -eq "CustomSignInPage"
        }
        if ($null -ne $prop.Value)
        {
            Write-Verbose -Message ("Updating CustomSignInPage to " + `
                    "$($params.DesiredSettings.CustomSignInPage) for zone $($params.Zone)")
            $wa.IisSettings[$params.Zone].ClaimsAuthenticationRedirectionUrl = $params.DesiredSettings.CustomSignInPage
        }

        #Require Use Remote Interfaces permission: True/False
        $prop = $params.DesiredSettings.CimInstanceProperties | Where-Object -FilterScript {
            $_.Name -eq "RequireUseRemoteInterfaces"
        }
        if ($null -ne $prop.Value)
        {
            Write-Verbose -Message ("Updating RequireUseRemoteInterfaces to " + `
                    "$($params.DesiredSettings.RequireUseRemoteInterfaces) for zone $($params.Zone)")
            $wa.IisSettings[$params.Zone].ClientObjectModelRequiresUseRemoteAPIsPermission = $params.DesiredSettings.RequireUseRemoteInterfaces
        }

        #Enable Client Integration
        $prop = $params.DesiredSettings.CimInstanceProperties | Where-Object -FilterScript {
            $_.Name -eq "EnableClientIntegration"
        }
        if ($null -ne $prop.Value)
        {
            Write-Verbose -Message ("Updating EnableClientIntegration to " + `
                    "$($params.DesiredSettings.EnableClientIntegration) for zone $($params.Zone)")
            $wa.IisSettings[$params.Zone].EnableClientIntegration = $params.DesiredSettings.EnableClientIntegration
        }

        Write-Verbose -Message "Committing changes to web application"
        $wa.Update()
    }
}

function Test-ZoneConfiguration()
{
    param (
        [Parameter(Mandatory = $true)]
        [Microsoft.Management.Infrastructure.CimInstance[]]
        $DesiredConfig,

        [Parameter(Mandatory = $true)]
        [System.Collections.Hashtable[]]
        $CurrentConfig,

        [Parameter()]
        [System.String]
        $ZoneName
    )

    # Testing specified configuration against configured values
    foreach ($zoneConfig in $DesiredConfig)
    {
        switch ($zoneConfig.AuthenticationMethod)
        {
            "Classic"
            {
                $configuredMethod = $CurrentConfig | `
                        Where-Object -FilterScript {
                        $_.AuthenticationMethod -eq $zoneConfig.AuthenticationMethod
                    }
            }
            "WindowsAuthentication"
            {
                if ($null -eq $zoneConfig.UseBasicAuth)
                {
                    $configuredMethod = $CurrentConfig | `
                            Where-Object -FilterScript {
                            $_.AuthenticationMethod -eq $zoneConfig.AuthenticationMethod -and `
                                $_.WindowsAuthMethod -eq $zoneConfig.WindowsAuthMethod
                        }
                }
                else
                {
                    $configuredMethod = $CurrentConfig | `
                            Where-Object -FilterScript {
                            $_.AuthenticationMethod -eq $zoneConfig.AuthenticationMethod -and `
                                $_.WindowsAuthMethod -eq $zoneConfig.WindowsAuthMethod -and `
                                $_.UseBasicAuth -eq $zoneConfig.UseBasicAuth
                        }
                }
            }
            "FBA"
            {
                $configuredMethod = $CurrentConfig | `
                        Where-Object -FilterScript {
                        $_.AuthenticationMethod -eq $zoneConfig.AuthenticationMethod -and `
                            $_.MembershipProvider -eq $zoneConfig.MembershipProvider -and `
                            $_.RoleProvider -eq $zoneConfig.RoleProvider
                    }
            }
            "Federated"
            {
                $configuredMethod = $CurrentConfig | `
                        Where-Object -FilterScript {
                        $_.AuthenticationMethod -eq $zoneConfig.AuthenticationMethod -and `
                            $_.AuthenticationProvider -eq $zoneConfig.AuthenticationProvider
                    }
            }
        }

        if ($null -eq $configuredMethod)
        {
            if ($PSBoundParameters.ContainsKey('ZoneName') -eq $true)
            {
                $source = $MyInvocation.MyCommand.Source

                $EventMessage = "<SPDscEvent>`r`n"
                $EventMessage += " <ConfigurationDrift Source=`"$source`">`r`n"

                $EventMessage += " <ParametersNotInDesiredState>`r`n"
                foreach ($item in $CurrentConfig)
                {
                    $EventMessage += " <AuthenticationMethod>`r`n"
                    foreach ($key in $item.Keys)
                    {
                        if (-not ([String]::IsNullOrEmpty($item.$key)))
                        {
                            $EventMessage += " <Param Name=`"$($key)`">" + $item.$key + "</Param>`r`n"
                        }
                    }
                    $EventMessage += " </AuthenticationMethod>`r`n"
                }
                $EventMessage += " </ParametersNotInDesiredState>`r`n"
                $EventMessage += " </ConfigurationDrift>`r`n"
                $EventMessage += " <DesiredValues>`r`n"
                $EventMessage += " <Zone>`r`n"
                $EventMessage += " <ZoneName>$ZoneName</ZoneName>`r`n"
                foreach ($desired in $DesiredConfig)
                {
                    $EventMessage += " <AuthenticationMethod>`r`n"
                    foreach ($prop in $desired.CimInstanceProperties)
                    {
                        $EventMessage += " <Param Name=`"$($prop.Name)`">" + $prop.Value + "</Param>`r`n"

                    }
                    $EventMessage += " </AuthenticationMethod>`r`n"
                }
                $EventMessage += " </Zone>`r`n"
                $EventMessage += " </DesiredValues>`r`n"
                $EventMessage += "</SPDscEvent>"

                Add-SPDscEvent -Message $EventMessage -EntryType 'Error' -EventID 1 -Source $source
            }

            return $false
        }
    }

    # Reverse: Testing configured values against specified configuration
    foreach ($zoneConfig in $CurrentConfig)
    {
        switch ($zoneConfig.AuthenticationMethod)
        {
            "Classic"
            {
                $specifiedMethod = $DesiredConfig | `
                        Where-Object -FilterScript {
                        $_.AuthenticationMethod -eq $zoneConfig.AuthenticationMethod
                    }
            }
            "WindowsAuthentication"
            {
                $specifiedMethod = $DesiredConfig | `
                        Where-Object -FilterScript {
                        $_.AuthenticationMethod -eq $zoneConfig.AuthenticationMethod -and `
                            $_.WindowsAuthMethod -eq $zoneConfig.WindowsAuthMethod
                    }

                if ($null -ne $specifiedMethod.UseBasicAuth)
                {
                    $specifiedMethod = $specifiedMethod | `
                            Where-Object -FilterScript {
                            $_.UseBasicAuth -eq $zoneConfig.UseBasicAuth
                        }
                }
            }
            "FBA"
            {
                $specifiedMethod = $DesiredConfig | `
                        Where-Object -FilterScript {
                        $_.AuthenticationMethod -eq $zoneConfig.AuthenticationMethod -and `
                            $_.MembershipProvider -eq $zoneConfig.MembershipProvider -and `
                            $_.RoleProvider -eq $zoneConfig.RoleProvider
                    }
            }
            "Federated"
            {
                $specifiedMethod = $DesiredConfig | `
                        Where-Object -FilterScript {
                        $_.AuthenticationMethod -eq $zoneConfig.AuthenticationMethod -and `
                            $_.AuthenticationProvider -eq $zoneConfig.AuthenticationProvider
                    }
            }
        }

        if ($null -eq $specifiedMethod)
        {
            if ($PSBoundParameters.ContainsKey('ZoneName') -eq $true)
            {
                $source = $MyInvocation.MyCommand.Source

                $EventMessage = "<SPDscEvent>`r`n"
                $EventMessage += " <ConfigurationDrift Source=`"$source`">`r`n"

                $EventMessage += " <ParametersNotInDesiredState>`r`n"
                foreach ($item in $CurrentConfig)
                {
                    $EventMessage += " <AuthenticationMethod>`r`n"
                    foreach ($key in $item.Keys)
                    {
                        if (-not ([String]::IsNullOrEmpty($item.$key)))
                        {
                            $EventMessage += " <Param Name=`"$($key)`">" + $item.$key + "</Param>`r`n"
                        }
                    }
                    $EventMessage += " </AuthenticationMethod>`r`n"
                }
                $EventMessage += " </ParametersNotInDesiredState>`r`n"
                $EventMessage += " </ConfigurationDrift>`r`n"
                $EventMessage += " <DesiredValues>`r`n"
                $EventMessage += " <Zone>`r`n"
                $EventMessage += " <ZoneName>$ZoneName</ZoneName>`r`n"
                foreach ($desired in $DesiredConfig)
                {
                    $EventMessage += " <AuthenticationMethod>`r`n"
                    foreach ($prop in $desired.CimInstanceProperties)
                    {
                        $EventMessage += " <Param Name=`"$($prop.Name)`">" + $prop.Value + "</Param>`r`n"

                    }
                    $EventMessage += " </AuthenticationMethod>`r`n"
                }
                $EventMessage += " </Zone>`r`n"
                $EventMessage += " </DesiredValues>`r`n"
                $EventMessage += "</SPDscEvent>"

                Add-SPDscEvent -Message $EventMessage -EntryType 'Error' -EventID 1 -Source $source
            }

            return $false
        }
    }
    return $true
}

function Test-ZoneSettings()
{
    param
    (
        [Parameter(Mandatory = $true)]
        [Microsoft.Management.Infrastructure.CimInstance]
        $DesiredSettings,

        [Parameter(Mandatory = $true)]
        [System.Collections.Hashtable]
        $CurrentSettings,

        [Parameter()]
        [System.String]
        $ZoneName
    )

    # Testing specified configuration against configured values
    $parametersNotInDesiredState = @()
    $prop = $DesiredSettings.CimInstanceProperties | Where-Object -FilterScript {
        $_.Name -eq "AnonymousAuthentication"
    }
    if ($null -ne $prop.Value)
    {
        if ($CurrentSettings.AnonymousAuthentication -ne $DesiredSettings.AnonymousAuthentication)
        {
            Write-Verbose "AnonymousAuthentication does not match"
            $parametersNotInDesiredState += "AnonymousAuthentication"
        }
    }

    $prop = $DesiredSettings.CimInstanceProperties | Where-Object -FilterScript {
        $_.Name -eq "CustomSignInPage"
    }
    if ($null -ne $prop.Value)
    {
        if ($CurrentSettings.CustomSignInPage -ne $DesiredSettings.CustomSignInPage)
        {
            Write-Verbose "CustomSignInPage does not match"
            $parametersNotInDesiredState += "CustomSignInPage"
        }
    }

    $prop = $DesiredSettings.CimInstanceProperties | Where-Object -FilterScript {
        $_.Name -eq "EnableClientIntegration"
    }
    if ($null -ne $prop.Value)
    {
        if ($CurrentSettings.EnableClientIntegration -ne $DesiredSettings.EnableClientIntegration)
        {
            Write-Verbose "EnableClientIntegration does not match"
            $parametersNotInDesiredState += "EnableClientIntegration"
        }
    }

    $prop = $DesiredSettings.CimInstanceProperties | Where-Object -FilterScript {
        $_.Name -eq "RequireUseRemoteInterfaces"
    }
    if ($null -ne $prop.Value)
    {
        if ($CurrentSettings.RequireUseRemoteInterfaces -ne $DesiredSettings.RequireUseRemoteInterfaces)
        {
            Write-Verbose "RequireUseRemoteInterfaces does not match"
            $parametersNotInDesiredState += "RequireUseRemoteInterfaces"
        }
    }

    if ($parametersNotInDesiredState.Count -ne 0)
    {
        if ($PSBoundParameters.ContainsKey('ZoneName') -eq $true)
        {
            $source = $MyInvocation.MyCommand.Source

            $EventMessage = "<SPDscEvent>`r`n"
            $EventMessage += " <ConfigurationDrift Source=`"$source`">`r`n"

            $EventMessage += " <ParametersNotInDesiredState>`r`n"
            foreach ($parameter in $parametersNotInDesiredState)
            {
                $EventMessage += " <Parameter>`r`n"
                $EventMessage += " <Param Name=`"$parameter`">" + $CurrentSettings.$parameter + "</Param>`r`n"
                $EventMessage += " </Parameter>`r`n"
            }
            $EventMessage += " </ParametersNotInDesiredState>`r`n"
            $EventMessage += " </ConfigurationDrift>`r`n"
            $EventMessage += " <DesiredValues>`r`n"
            $EventMessage += " <Zone>`r`n"
            $EventMessage += " <ZoneName>$ZoneName</ZoneName>`r`n"
            $EventMessage += " <Parameter>`r`n"
            foreach ($prop in $DesiredSettings.CimInstanceProperties)
            {
                $EventMessage += " <Param Name=`"$($prop.Name)`">" + $prop.Value + "</Param>`r`n"

            }
            $EventMessage += " </Parameter>`r`n"
            $EventMessage += " </Zone>`r`n"
            $EventMessage += " </DesiredValues>`r`n"
            $EventMessage += "</SPDscEvent>"

            Add-SPDscEvent -Message $EventMessage -EntryType 'Error' -EventID 1 -Source $source
        }

        return $false
    }

    return $true
}