C# (ASP.NET)  Windows Authentication?

Posted on 2007-10-18
Last Modified: 2013-12-17
This is for ASP.NET (C#).

1) If we use Windows Authentication, I am assuming that we could use NTLM to do the Windows Authentication. Does this mean that for every request to the web server, they need to do the challenge-response? +-5 more handshake requests? Because if I am not wrong, theoretically speaking we need to input the username/password for every request to the server, but luckily IE does this for us automatically in the background.

2) With Windows Authentication, do we still need session cookies? How are we going to implement session timeout apart from using cookies? Is there a way to implement session timeout without the cookies?
Question by: kecoak

    Accepted Solution

    1) All modern browsers are capable of using Windows Auth to connect to pages. If you require this sort of security it is the only solution. It will use Negotiation to decide on NTLM or Kerberos. What is your concern? Is it that the authentication overhead will be too much?

    2) Session cookies are required as these form the index of the session state. As far as I know, without implementing custom session providers the only way to utilise session state without cookies is to use the inbuilt "cookieless" functionality; however, that messes about with your URLs and is far from ideal.

    Author Comment

    1) I just wanted to check that my understanding is correct. Is that really the case? For every HTTP request to the server, the client needs to do 4-5 handshakes before getting the response back?

    2) Well, the idea of Windows Authentication is to have Single Sign-On and a centralised user access database. By doing this, we could also save the hassle of using session "COOKIES", but then if we don't use SESSION COOKIES, how are we going to implement Authentication TIMEOUT?

    On the other hand, if we use cookies to implement Authentication Timeout, it means that we rely on the cookies as part of our authorisation/authentication. Isn't it going to be a mixed authentication of Windows Authentication and Form-based Authentication?

    What is your thought around this?

    Expert Comment

    I'm not sure on the technicalities of Integrated Windows authentication, but I can say that on a slow network there is no perceivable slowdown when using Integrated auth over anonymous access.

    You talk of Authentication timeout; from what I'm aware of there is no such thing as Authentication timeout. Your integrated auth credentials are valid so long as you have an active logon session.

    The point is we can have session timeout, which is to be dealt with separately to authentication. I'm sure if you had the time and money you could implement an AD-based session provider that did away with the InProc session store and could probably use the logged-on ID as a key.

    You don't have mixed auth. You have Integrated auth with cookie-based session state management.
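
The idea raised in the last comment, an idle timeout keyed on the logged-on ID instead of a session cookie, sketched as an added example (not code from the thread). The module name `IdleTimeoutModule`, the `IdleExpired` item key and the 20-minute limit are assumptions.

```csharp
using System;
using System.Collections.Concurrent;
using System.Web;

// Hypothetical module: idle timeout keyed on the Windows identity, no session cookie.
public sealed class IdleTimeoutModule : IHttpModule
{
    // Assumed policy value, chosen to match the default sessionState timeout of 20 minutes.
    private static readonly TimeSpan IdleLimit = TimeSpan.FromMinutes(20);

    // Last request time per DOMAIN\user. In-process only: lost on an app-pool
    // recycle and not shared between servers in a web farm.
    private static readonly ConcurrentDictionary<string, DateTime> LastSeen =
        new ConcurrentDictionary<string, DateTime>(StringComparer.OrdinalIgnoreCase);

    public void Init(HttpApplication app)
    {
        // Fires after the Windows identity has been established for the request.
        app.PostAuthenticateRequest += OnPostAuthenticate;
    }

    private static void OnPostAuthenticate(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        if (ctx.User == null || !ctx.User.Identity.IsAuthenticated) return;

        // Pages read this flag and decide what expiry means for them, e.g.
        // discarding cached per-user state before a sensitive action.
        ctx.Items["IdleExpired"] = Touch(ctx.User.Identity.Name, DateTime.UtcNow);
    }

    // Records this request and returns true when the gap since the user's
    // previous request exceeded IdleLimit. First sight of a user is not expiry.
    public static bool Touch(string user, DateTime nowUtc)
    {
        bool expired = false;
        LastSeen.AddOrUpdate(user, nowUtc, (key, previous) =>
        {
            expired = nowUtc - previous > IdleLimit;
            return nowUtc;
        });
        return expired;
    }

    public void Dispose() { }
}
```

The timer is per account, not per browser, so the same user on two machines shares one idle clock. Because the browser re-sends Integrated Windows credentials in the background, expiry here can only reset application state; it cannot force a new logon.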
