<div>
<div class="content wysiwyg-content">
The Windows Authentication feature seems really convenient. When I enable it, the login window pops up and asks for my Windows user name and password, which allows me to impersonate my .NET application as my Windows account (I think?). I am not forced to use IE because this worked for Firefox too.<br />
<br />
I am wondering how secure putting in my Windows credentials like this is. I understand this can only work for intranet (I think?), but do I have to use this in conjunction with an SSL certificate? Can someone &quot;sniff&quot; out my credentials from my internal network like this?<br />
<br />
Thanks for any help.
</div>
</div>


The Windows Authentication feature seems really convenient. When I enable it, the login window pops up and asks for my Windows user name and password, which allows me to impersonate my .NET application as my Windows account (I think?). I am not forced to use IE because this worked for Firefox too.

I am wondering how secure putting in my Windows credentials like this is. I understand this can only work for intranet (I think?), but do I have to use this in conjunction with an SSL certificate? Can someone "sniff" out my credentials from my internal network like this?

Thanks for any help.

How secure is Windows Authentication on IIS7?

The .NET Framework is not specific to any one programming language; rather, it includes a library of functions that allows developers to rapidly build applications. Several supported languages include C#, VB.NET, C++ or ASP.NET.

.NET Programming

IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.