I work in an environment where some employees have traditional offices and their own PC's while other employees share a computer that is logged on with a non-user-specific Active Directory account. My problem is that I need a best practice scenario on how I should be authenticating any asp.net apps I write.
Options as I see them are:
1. Bite the bullet and give every user their own logon, put them in security groups and use Windows Integrated Security.
Pros - Highest level of granular security.
Cons - Shared PC areas have higher turnover so this will generate more work for the systems people to create accounts. Users would have to remember their
password for applications and the generic username/password to login to the machine.
2. Use a SQL Server Table to "roll my own" forms based security.
Cons - More development time in checking each page for a logged in variable and then redirecting to a login page if none exists. Un/Pw passed in clear text of query.
Pros - Database is already created and populated (previous app. developer did it)
Again, my base question is, "Given the scenario of some people with their own PC's (and usernames) as well as some people with shared PC's (and shared usernames), what would be the best way to secure any new applications?