About Authentication to a webb site

  • Thread starter Thread starter Tony Johansson
  • Start date Start date
T

Tony Johansson

Hello!

Assume we have a webbsite server to which a user has a windows account.
To secure this Web site we can use both windows authentication because this
specific user has a windows account and we can create forms authentication.

In most cases the uses doesn't have a windows account so in those cases we
only have the option to use forms authentication.

Which alternatives is best when we can use both alternatives ?

//Tony
 
Assume we have a webbsite server to which a user has a windows account.
To secure this Web site we can use both windows authentication because this
specific user has a windows account and we can create forms authentication.

In most cases the uses doesn't have a windows account so in those cases we
only have the option to use forms authentication.

Which alternatives is best when we can use both alternatives ?
Click to expand...

I would tend to prefer a form based logon to app.

The NTLM authentication works only with IE on Windows on LAN
(I believe that it can be enabled with FF on Windows as well, but
it is not on by default).

You can argue that it is what you are using. But does
it apply to everyone in the company for the lifetime
of the web app?

Not sure => don't rely on it.

Arne
 
Hello!

Assume we have a webbsite server to which a user has a windows account.
To secure this Web site we can use both windows authentication because this
specific user has a windows account and we can create forms authentication.

In most cases the uses doesn't have a windows account so in those cases we
only have the option to use forms authentication.

Which alternatives is best when we can use both alternatives ?

//Tony
Click to expand...

Unless you use kerberos the windows credentials can only be presented
to the one (web) server.
So you can't pass those credentials from there on to your sql server.
Plus you need to use impersonation which is inefficient.
With asp.net windows authentication is rarely used on all but intranet
systems with predictably few users.
Learn the asp.net membership provide and use that with forms.
 
Back
Top