Forms Auth. vs IIS Auth.

  • Thread starter Thread starter Kevin
  • Start date Start date
K

Kevin

Is using forms authentication any less secure than using
one of the more secure IIS authentication methods?

I am wanting to authenticate against credentials in a
database.
I see two ways of doing this. The first is through forms
authentication and trying to encrypt the credential data
being transmitted over the network. The other is using
IIS authenication and an ISAPI filter dll to handle the
authentication against the database.
 
Kevin,

I would say less secure, because Forms Autnetication relies on browser
cookies for everything. You should understand that Forms
Authentication was designed for public web sites. If you were trying
to "secure" an on-line store for example you would implement this type
of secuirty.

The alternative would be Windows Integrared Security which would be
going though the NTLM or Keberos, Or you could use the Microsoft
Passport protocoil (IIS 6.0 and above only I believe). I would only
use Integrated security for Intranet web sites (since the users has to
be logged into a reconized domain for their credientals to be picked
up).

FYI- This question is really suited for the aspnet newsgroups, you
probably would have recieved a much faster response there.

-Jeremy
 
Back
Top