We help IT Professionals succeed at work.

IIS Basic Authentication

gisvpn
gisvpn asked
on
567 Views
Last Modified: 2012-06-21
aello All,

I have a quick question about the IIS basic authentication.

We need part of our web site which is restricted to registered users. The way in which we are going to authenticate users is through IIS basic authentication whereby it will connect to a database to check for a username and password that is entered into the dialog box that appears when you try to access a restricted folder on the IIS server.

However what i would like to do is ask how secure is this authentication ?

For example when the user enters their username and password into the dialog box and is passed to the server it is possible to intercept right ? Would it make it more secure if we used SSL combined with this to ensure that the username and password cannot be intercepted ?

Therefore if i used SSL and IIS basic authentication to allow users who appear in the database to view certain pages will this be secure to ensure there is no unauthorised access and it is relatively secure for this purpose.

Any comments and information that you think would be useful to know please do post them ! :)

Thanks in advance.

GISVPN

Comment
Watch Question

This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Hi Steve,

Thanks for your message. We have an SSL area on the server which we can use and it sounds like this would be the best option we have. I have been playing around with it and i see what you mean by not being able to log out... Is there anyway in which you can clear the session from the browser, without having to close it ? i.e. though an ASP script ?

Thank you for your help :)

GISVPN
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Hi Steve,

Thanks for the info thats very useful. Could i ask what the default Session.Timeout property is ? Is it 30 minutes ?

Also just another quick question, when authenticating via basic authentication can you use a form as opposed to a dialog box, or do you always have to do it via the dialog box ?

Thanks again,

GISVPN
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.