• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 209
  • Last Modified:

How secure is Windows Authentication on IIS7?

The Windows Authentication feature seems really convenient. When I enable it, the login window pops up and asks for my Windows user name and password, which allows me to impersonate my .NET application as my Windows account (I think?). I am not forced to use IE because this worked for Firefox too.

I am wondering how secure putting in my Windows credentials like this is. I understand this can only work for intranet (I think?), but do I have to use this in conjunction with an SSL certificate? Can someone "sniff" out my credentials from my internal network like this?

Thanks for any help.
0
bemara57
Asked:
bemara57
1 Solution
 
MultipathCommented:
As long as you are using SSL you should be fine.  If you are using RAW port 80 yes they can sniff out your credentials.  
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now