Solved

How secure is Windows Authentication on IIS7?

Posted on 2009-04-04
1
206 Views
Last Modified: 2013-11-08
The Windows Authentication feature seems really convenient. When I enable it, the login window pops up and asks for my Windows user name and password, which allows me to impersonate my .NET application as my Windows account (I think?). I am not forced to use IE because this worked for Firefox too.

I am wondering how secure putting in my Windows credentials like this is. I understand this can only work for intranet (I think?), but do I have to use this in conjunction with an SSL certificate? Can someone "sniff" out my credentials from my internal network like this?

Thanks for any help.
0
Comment
Question by:bemara57
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 4

Accepted Solution

by:
Multipath earned 500 total points
ID: 24068371
As long as you are using SSL you should be fine.  If you are using RAW port 80 yes they can sniff out your credentials.  
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

More often than not, we developers are confronted with a need: a need to make some kind of magic happen via code. Whether it is for a client, for the boss, or for our own personal projects, the need must be satisfied. Most of the time, the Framework…
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question