Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How secure is Windows Authentication on IIS7?

Posted on 2009-04-04
1
Medium Priority
?
208 Views
Last Modified: 2013-11-08
The Windows Authentication feature seems really convenient. When I enable it, the login window pops up and asks for my Windows user name and password, which allows me to impersonate my .NET application as my Windows account (I think?). I am not forced to use IE because this worked for Firefox too.

I am wondering how secure putting in my Windows credentials like this is. I understand this can only work for intranet (I think?), but do I have to use this in conjunction with an SSL certificate? Can someone "sniff" out my credentials from my internal network like this?

Thanks for any help.
0
Comment
Question by:bemara57
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 4

Accepted Solution

by:
Multipath earned 2000 total points
ID: 24068371
As long as you are using SSL you should be fine.  If you are using RAW port 80 yes they can sniff out your credentials.  
0

Featured Post

Enroll in October's Free Course of the Month

Do you work with and analyze data? Enroll in October's Course of the Month for 7+ hours of SQL training, allowing you to quickly and efficiently store or retrieve data. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

More often than not, we developers are confronted with a need: a need to make some kind of magic happen via code. Whether it is for a client, for the boss, or for our own personal projects, the need must be satisfied. Most of the time, the Framework…
A long time ago (May 2011), I have written an article showing you how to create a DLL using Visual Studio 2005 to be hosted in SQL Server 2005. That was valid at that time and it is still valid if you are still using these versions. You can still re…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question