I am Using Sharepoint2019 On-Premise I am looking to use separate .aspx page for authenticate users for Sharepoint2019, I tried the Form-Based Authentication( https://learn.microsoft.com/en-us/previous-versions/office/sharepoint-server-2010/ee806890(v=office.14) ) and it works for authentication but the user profiles are not getting synced from our current Active Directory, so i would like the go back to the windows authentication but instead of pop-up should i would like the .aspx I want to Use this page for Windows Authentication :- I Do Not Want This SIgn in pop-up Is there any way to accomplish this task.

You would need to put a service in front of SharePoint to do this. Windows Integrated Authentication naturally requires the WIA popup. Forms-based authentication uses a method other than Windows authentication. One suggestion to look at would be to use AD FS and Web Application Proxy. This solution would require you to configure Kerberos Constrained Delegation for the SharePoint Web Application. In addition, the WAP server(s) need to be joined to Active Directory. Finally, on AD FS you would set up a non-claims aware relying party. DNS for your Web Application would be pointed at the WAP server (or load balancer routing to WAP) and users would log in there using an FBA experience but still using Windows auth on the back end.

How to use Custom login Page (.aspx) as link FBA for Windows Authentication instead of Pop up in Sharepoint 2019

Accepted answer

Trevor Seward 11,691 Reputation points

2020-11-06T19:59:21.823+00:00

You would need to put a service in front of SharePoint to do this. Windows Integrated Authentication naturally requires the WIA popup. Forms-based authentication uses a method other than Windows authentication.

One suggestion to look at would be to use AD FS and Web Application Proxy. This solution would require you to configure Kerberos Constrained Delegation for the SharePoint Web Application. In addition, the WAP server(s) need to be joined to Active Directory. Finally, on AD FS you would set up a non-claims aware relying party.

DNS for your Web Application would be pointed at the WAP server (or load balancer routing to WAP) and users would log in there using an FBA experience but still using Windows auth on the back end.
Please sign in to rate this answer.

1 person found this answer helpful.
ananpeculiar 181 Reputation points

2020-11-08T08:24:35.26+00:00

thank you, do i need a Separate ADFS server,? and that will work like the windows authenticaion for the User profile and Mysite?

Trevor Seward 11,691 Reputation points

2020-11-08T18:10:04.96+00:00

You need an external system that can pass non-Windows auth and translate it to Windows auth. AD FS + WAP is one example of doing so. Because the back end is still Windows auth, other services that leverage Windows auth will continue to work without any changes to your farm.

ananpeculiar 181 Reputation points

2020-11-09T08:10:59.157+00:00

as per your suggestion I have taken a two instance with Azure on is for AD FS and another one is for WAP, so i couldnt find a proper document for non-claims aware relying party and the WAP Server is also need a proper setup to SSL/TLS underlying connection with the AD FS, please suggest a document or a video to follow the setup.

Trevor Seward 11,691 Reputation points

2020-11-09T15:07:46.917+00:00

See https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/create-a-non-claims-aware-relying-party-trust on how to create a non-claims aware relying party.

For TLS setup, see https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn383662(v=ws.11).

ananpeculiar 181 Reputation points

2020-11-15T09:44:47.517+00:00

I Have configured the ADFS and WAP and connected , here is my configuration,

ADFS:-
Type : Non-Cliams-Aware
identifier: https://azureadfs.domain.com/adfs/services/trust
Access Control Policy: Permit everyone with MFA

WAP:-
External URL :- https://azuresharepoint19.domain.com/sites/AzureTest/sitepages/
Backend Server URL :- Same as External URL
Pre Authentication:- AD FS
BackEnd Server SPN :- http/azuresharepoint19 servername

Now i am pointing the WAP Server IP for Sharepoint URL and ADFS URL, and i am getting the Logon Page, and if is type the Username and password it says below error.

For the TLS Setup the link says page not found, please refer to next step, and let me know if any more details to start troubleshoot, i couldn't proper document or resource for this setup

ananpeculiar 181 Reputation points

2020-12-07T08:31:53.107+00:00

Thanks for the Idea @Trevor Seward , it worked for me,
now i am using ADFS-NonClaims-aware Relying party with WAP, the sharepoint is now with Kerberos, everything seems to be working fine now. now how to integrate the officeonlineserver2019 with the sharepoint. does it require any additional configuration?

ananpeculiar 181 Reputation points

2020-12-07T08:39:15.497+00:00

i have a pass-through authentication on the WAP for the officeonlineserver, and it configure for external-https and pointing WAP IP address for the office online server so it loads for sometime and unable to view the document.
"Failed to execute ‘postMessage’ on ‘DOMWindow’: The target origin provided (‘https://officeonline.Domain.com’) does not match the recipient window’s origin (‘https://sharepoint19.domain.com’)."

ananpeculiar 181 Reputation points

2020-12-16T16:16:25.39+00:00

@Trevor Seward , the sharepoint pages are unresponsive if i access throught ADFS and WAP, i fi access direclty the sharepoint IP then all working fine, what need to be change on the sharepoint server
Sign in to comment

Share via

How to use Custom login Page (.aspx) as link FBA for Windows Authentication instead of Pop up in Sharepoint 2019

0 additional answers