Solved

How secure is Windows Authentication on IIS7?

Posted on 2009-04-04
1
203 Views
Last Modified: 2013-11-08
The Windows Authentication feature seems really convenient. When I enable it, the login window pops up and asks for my Windows user name and password, which allows me to impersonate my .NET application as my Windows account (I think?). I am not forced to use IE because this worked for Firefox too.

I am wondering how secure putting in my Windows credentials like this is. I understand this can only work for intranet (I think?), but do I have to use this in conjunction with an SSL certificate? Can someone "sniff" out my credentials from my internal network like this?

Thanks for any help.
0
Comment
Question by:bemara57
1 Comment
 
LVL 4

Accepted Solution

by:
Multipath earned 500 total points
ID: 24068371
As long as you are using SSL you should be fine.  If you are using RAW port 80 yes they can sniff out your credentials.  
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Prologue It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question