This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 31%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
Hello,
When my web application is sending the browser to ADFS for authentication, ADFS is challenging the user with "BASIC Authentication"
As a result, browser is asking user to provide username and password.
My problem is, if I am using Firefox I get the standard HTML basic-auth popup as attached in the screen-shot.
However, if I am using Edge then I am seeing the native "windows security" popup as attached in the screen-shot.
My understanding is that this is the default interpretation of Edge browser to resolve basic-authentication.
I do not want edge to behave this way.
Is it possible to configure edge to take the standard html popup route ??
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 34%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENV%3C/text%3E%3C/svg%3E)
Hi,
If you are not going to use IWA, you might want to go to your ADFS server and disable Windows Authentication and allow forms authentication so that you don't get that authentication pop up. That Authentication Window is a Basic Authentication Popup because Negotiate (Kerberos, then NTLM) has failed.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 45%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJV%3C/text%3E%3C/svg%3E)
Hello @testuser7
Try below steps and see if this is the experience you are looking for
You could open Internet Options and check the User Authentication option:
Type "Internet Options" in the search box next to the Start menu button.
Open Internet Options and click on Security tab.
If the site is in Internet zone, click on Internet and under Security level click on Custon level.
Scroll down for User Authentication and check if you have checked Prompt for user name and password.
Choose other options if you have checked Prompt for user name and password.
Click OK, Apply then restart the browser to try again.
This is not basic authentication, it is likely a Integrated Windows Authentication, not a basic auth.
The troubleshooting steps are available here: https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/troubleshooting/ad-fs-tshoot-iwa
I guess I did not explain properly.
Yes, you are right. Meaning ADFS is configured to first try Integrated Windows Authentication.
It will definitely fail in my case.
So when it fails, what is the fallback authentication ?
My understanding is it is "Basic Auth"
and for that I want the pure HTML based basic-auth popup.
I do not want "windows security" popup.
Do you think it is possible ?
Basic Auth means something special. It meas that your username and password will transit in clear text (base64 encoded to pe precised) on the network. This is NOT what this popup is. This popup is showing up because your browser is not configured properly to handle Integrated Windows Authentication. If you configure your browser as suggested in the article I sent, you will have SSO and will not be prompted for username or password in a popup or in a web form. That's the best way to authenticate.
If you don't want SSO and want to force the user to type her or his password in a webform (less secure), then you can change the Authentication Policy on your ADFS farm and enable only Form Based Authentication.
But if your machines are domain joiend, that's bad idea.
Thanks @Nahuel Vacca
No, I can not disable Windows Authentication.
But when Windows Authentication fails (because of any reason which is not important), I want user to see pure HTML Basic-authentication popup as fallback.
How can we do that ?
You want to create the conditions for single sign on. That's more important in my opinion.
You can configure the application to request FBA. But that is something to do on the application level, not in ADFS.
FBA is the least secure way to authenticate users...