Solved

C# VS 2008

Posted on 2009-05-14
8
193 Views
Last Modified: 2012-05-07
I am building a web based application and it needs to have security tied to it. In the past I created a local group on the server and added the appropriate users to the group. With the web config file I granted appropriate access based on whether your username was part of the group or not.
I have been made aware that the best way to do this is with Forms authentication. I have always done this concept using integrated windows authentication, but I have been told that is not the correct and best way to do this.
Could I have some input on this thought and perhaps an example on how to implement the concept using a form based authentication as opposed to using the windows authentication concept.
0
Comment
Question by:lobos
8 Comments
 
LVL 6

Expert Comment

by:ViceroyFizzlebottom
ID: 24389594
Here's a pretty thorough walk-through of how to implement Forms authentication.

http://support.microsoft.com/kb/301240
0
 
LVL 2

Accepted Solution

by:
phead_2 earned 125 total points
ID: 24389865
Forms vs. Windows Authentication isn't really a question of right or wrong. They are two different solutions and you need to pick based on your needs. Windows Authentication can either automatically get the logged on user (say on a domain/intranet) or prompt the user for their windows account whereas forms authentication requires you to collect account info from the user in the web page(form) where the account info is not validated against the windows users/groups but against another source (in your code, database, etc.).

If you want to use windows accounts stick with windows authentication. User forms for anything else.
0
 
LVL 32

Expert Comment

by:Daniel Wilson
ID: 24389979
>>If you want to use windows accounts stick with windows authentication. User forms for anything else.

Yes, that's the rule right there.

Typically that will come down to using Windows authentication for a corporate intranet but Forms for a site open to the public .  There will be exceptions to that, but phead_2's rule stands.
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 

Expert Comment

by:m_maq
ID: 24392372
If your company has it, SiteMinder works great and you practically do nothing 99% of the time.
0
 

Author Comment

by:lobos
ID: 24395208
Thank you for all feedback.
ViceroyFizzlebottom:> your link takes me to an example that uses a sql database for users, as I mentioned above, my concept is using the users from the active directory. Its just a matter of what is more secure, using forms or windows.
yes it is for internal puproses only.
but a good example that I want to make reference to is the OWA concept of outlook, its for users who are internal and part of AD, but when out in the public and access the OWA through https:, the authentication source is using forms as opposed to the windows popup window...thats why I am a bit confused.
0
 
LVL 2

Expert Comment

by:phead_2
ID: 24398036
You really don't have to use forms with OWA but I guess most people prefer the look of it. The only requirement there is if you use forms you have to use SSL.
0
 

Author Comment

by:lobos
ID: 24398089
ok, what about the catching of username and password on machine 'save my password' does this factor in which method to use?
0
 
LVL 2

Expert Comment

by:phead_2
ID: 24398187
If you're referring to the browser storing it it can't for windows authentication and can for forms. it is worth mentioning that with windows authentication the credentials will be cached until the browser is closed.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In order to hide the "ugly" records selectors (triangles) in the rowheaders, here are some suggestions. Microsoft doesn't have a direct method/property to do it. You can only hide the rowheader column. First solution, the easy way The first sol…
This article introduced a TextBox that supports transparent background.   Introduction TextBox is the most widely used control component in GUI design. Most GUI controls do not support transparent background and more or less do not have the…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question