
I am using SharePoint 2019 On-Premise.

I am looking to use a separate .aspx page to authenticate users for SharePoint 2019.

I tried Form-Based Authentication (https://learn.microsoft.com/en-us/previous-versions/office/sharepoint-server-2010/ee806890(v=office.14)) and it works for authentication, but the user profiles are not getting synced from our current Active Directory, so I would like to go back to Windows authentication, but instead of the pop-up I would like the .aspx page.

I want to use this page for Windows Authentication:

I do not want this sign-in pop-up.

Can anyone please guide me to accomplish this task?

T.Anand
  • I am also working on the same process, but I still couldn't find any solution for FBA and Windows Authentication. If Microsoft changes the pop-up to a separate webpage (.aspx) for Windows authentication it will be really helpful; better post your question on the Microsoft page. – karhtik Nov 06 '20 at 02:56

2 Answers

It is quite tricky, as Microsoft designed it that way for Windows authentication, but anyhow, if you can, use Form Based Authentication.

Here is the link where Microsoft posted how to implement Form Based Authentication.

Configure forms-based authentication for a claims-based Web application

karhtik
  • Thanks for the link; I have already enabled FBA and the authentication part works perfectly with AD, but the user profiles are not getting synced as they are with Windows authentication. – T.Anand Nov 18 '20 at 17:22
  • Form Based Authentication is entirely different from Windows authentication, and user profiles are different for both authentication types; Microsoft would have concentrated on the Windows pop-up. – karhtik Nov 18 '20 at 17:25

One suggestion to look at would be to use AD FS and Web Application Proxy. This solution would require you to configure Kerberos Constrained Delegation for the SharePoint Web Application. In addition, the WAP server(s) need to be joined to Active Directory. Finally, on AD FS you would set up a non-claims aware relying party.

DNS for your Web Application would be pointed at the WAP server (or load balancer routing to WAP) and users would log in there using an FBA experience but still using Windows auth on the back end.

You need an external system that can pass non-Windows auth and translate it to Windows auth. AD FS + WAP is one example of doing so. Because the back end is still Windows auth, other services that leverage Windows auth will continue to work without any changes to your farm.

See here: https://learn.microsoft.com/en-us/answers/questions/153678/how-to-use-custom-login-page-aspx-as-link-fba-for.html

See https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/create-a-non-claims-aware-relying-party-trust on how to create a non-claims aware relying party.

For TLS setup, see https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn383662(v=ws.11).

karhtik
  • This method is working like a charm; now I am able to use the form-like view in the front end and the back end is Windows Authentication (Kerberos). Thanks for the answer. – T.Anand Dec 07 '20 at 10:20
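
The AD FS + WAP setup described in the second answer, sketched as an added PowerShell example that is not part of the original posts. Host names, account names, the relying party name and the certificate thumbprint are placeholders, and the three numbered parts run on different machines (an admin workstation with the ActiveDirectory module, the AD FS server, the WAP server).

```powershell
# Added example; every name and value below is a placeholder, not from this thread.
$SpHost    = 'sharepoint.contoso.com'   # public host name of the SharePoint web application
$SpSpn     = "HTTP/$SpHost"             # the only SPN the WAP server may delegate to
$AppPool   = 'CONTOSO\svc-spapppool'    # SharePoint application pool account
$WapName   = 'WAP01'                    # domain-joined WAP server
$RpName    = 'SharePoint 2019 Windows auth'
$CertThumb = '<TLS-CERT-THUMBPRINT>'

# 1. Admin workstation with the ActiveDirectory module.
# Register the SPN on the app pool account (-S refuses duplicates). The web
# application itself must be set to Negotiate (Kerberos) in Central Administration.
setspn -S $SpSpn $AppPool

# Constrained delegation with protocol transition, limited to that single SPN.
Import-Module ActiveDirectory
$wap = Get-ADComputer -Identity $WapName
Set-ADComputer -Identity $wap -Add @{ 'msDS-AllowedToDelegateTo' = @($SpSpn) }
Set-ADAccountControl -Identity $wap -TrustedToAuthForDelegation $true

# Verify: only the expected SPN is listed and unconstrained delegation is off.
$check = Get-ADComputer -Identity $WapName -Properties 'msDS-AllowedToDelegateTo', TrustedForDelegation, TrustedToAuthForDelegation
if ($check.TrustedForDelegation) { Write-Warning "$WapName allows unconstrained delegation" }
$check | Select-Object Name, TrustedToAuthForDelegation, 'msDS-AllowedToDelegateTo'

# 2. AD FS server: non-claims-aware relying party trust.
# This rule permits every user AD FS authenticates; SharePoint permissions still apply.
$rp = @{
    Name                       = $RpName
    Identifier                 = "https://$SpHost/"
    IssuanceAuthorizationRules = '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'
}
Add-AdfsNonClaimsAwareRelyingPartyTrust @rp

# 3. WAP server: publish the site with AD FS pre-authentication (the form-style
# sign-in page) and Kerberos constrained delegation to the back end.
$app = @{
    Name                           = $RpName
    ExternalPreauthentication      = 'ADFS'
    ADFSRelyingPartyName           = $RpName
    ExternalUrl                    = "https://$SpHost/"
    BackendServerUrl               = "https://$SpHost/"
    BackendServerAuthenticationSPN = $SpSpn
    ExternalCertificateThumbprint  = $CertThumb
}
Add-WebApplicationProxyApplication @app
```

Keeping `msDS-AllowedToDelegateTo` restricted to the one SharePoint SPN limits which services the WAP server can obtain tickets for on a user's behalf.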