How secure is Windows Authentication on IIS7?

The Windows Authentication feature seems really convenient. When I enable it, the login window pops up and asks for my Windows user name and password, which allows me to impersonate my .NET application as my Windows account (I think?). I am not forced to use IE because this worked for Firefox too.

I am wondering how secure putting in my Windows credentials like this is. I understand this can only work for intranet (I think?), but do I have to use this in conjunction with an SSL certificate? Can someone "sniff" out my credentials from my internal network like this?

Thanks for any help.
bemara57Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
MultipathConnect With a Mentor Commented:
As long as you are using SSL you should be fine.  If you are using RAW port 80 yes they can sniff out your credentials.  
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.