Solved

C# VS 2008

Posted on 2009-05-14
8
195 Views
Last Modified: 2012-05-07
I am building a web based application and it needs to have security tied to it. In the past I created a local group on the server and added the appropriate users to the group. With the web config file I granted appropriate access based on whether your username was part of the group or not.
I have been made aware that the best way to do this is with Forms authentication. I have always done this concept using integrated windows authentication, but I have been told that is not the correct and best way to do this.
Could I have some input on this thought and perhaps an example on how to implement the concept using a form based authentication as opposed to using the windows authentication concept.
0
Comment
Question by:lobos
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 6

Expert Comment

by:ViceroyFizzlebottom
ID: 24389594
Here's a pretty thorough walk-through of how to implement Forms authentication.

http://support.microsoft.com/kb/301240
0
 
LVL 2

Accepted Solution

by:
phead_2 earned 125 total points
ID: 24389865
Forms vs. Windows Authentication isn't really a question of right or wrong. They are two different solutions and you need to pick based on your needs. Windows Authentication can either automatically get the logged on user (say on a domain/intranet) or prompt the user for their windows account whereas forms authentication requires you to collect account info from the user in the web page(form) where the account info is not validated against the windows users/groups but against another source (in your code, database, etc.).

If you want to use windows accounts stick with windows authentication. User forms for anything else.
0
 
LVL 32

Expert Comment

by:Daniel Wilson
ID: 24389979
>>If you want to use windows accounts stick with windows authentication. User forms for anything else.

Yes, that's the rule right there.

Typically that will come down to using Windows authentication for a corporate intranet but Forms for a site open to the public .  There will be exceptions to that, but phead_2's rule stands.
0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 

Expert Comment

by:m_maq
ID: 24392372
If your company has it, SiteMinder works great and you practically do nothing 99% of the time.
0
 

Author Comment

by:lobos
ID: 24395208
Thank you for all feedback.
ViceroyFizzlebottom:> your link takes me to an example that uses a sql database for users, as I mentioned above, my concept is using the users from the active directory. Its just a matter of what is more secure, using forms or windows.
yes it is for internal puproses only.
but a good example that I want to make reference to is the OWA concept of outlook, its for users who are internal and part of AD, but when out in the public and access the OWA through https:, the authentication source is using forms as opposed to the windows popup window...thats why I am a bit confused.
0
 
LVL 2

Expert Comment

by:phead_2
ID: 24398036
You really don't have to use forms with OWA but I guess most people prefer the look of it. The only requirement there is if you use forms you have to use SSL.
0
 

Author Comment

by:lobos
ID: 24398089
ok, what about the catching of username and password on machine 'save my password' does this factor in which method to use?
0
 
LVL 2

Expert Comment

by:phead_2
ID: 24398187
If you're referring to the browser storing it it can't for windows authentication and can for forms. it is worth mentioning that with windows authentication the credentials will be cached until the browser is closed.
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction This article series is supposed to shed some light on the use of IDisposable and objects that inherit from it. In essence, a more apt title for this article would be: using (IDisposable) {}. I’m just not sure how many people would ge…
Performance in games development is paramount: every microsecond counts to be able to do everything in less than 33ms (aiming at 16ms). C# foreach statement is one of the worst performance killers, and here I explain why.
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question