Solved

C# VS 2008

Posted on 2009-05-14
8
196 Views
Last Modified: 2012-05-07
I am building a web based application and it needs to have security tied to it. In the past I created a local group on the server and added the appropriate users to the group. With the web config file I granted appropriate access based on whether your username was part of the group or not.
I have been made aware that the best way to do this is with Forms authentication. I have always done this concept using integrated windows authentication, but I have been told that is not the correct and best way to do this.
Could I have some input on this thought and perhaps an example on how to implement the concept using a form based authentication as opposed to using the windows authentication concept.
0
Comment
Question by:lobos
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 6

Expert Comment

by:ViceroyFizzlebottom
ID: 24389594
Here's a pretty thorough walk-through of how to implement Forms authentication.

http://support.microsoft.com/kb/301240
0
 
LVL 2

Accepted Solution

by:
phead_2 earned 125 total points
ID: 24389865
Forms vs. Windows Authentication isn't really a question of right or wrong. They are two different solutions and you need to pick based on your needs. Windows Authentication can either automatically get the logged on user (say on a domain/intranet) or prompt the user for their windows account whereas forms authentication requires you to collect account info from the user in the web page(form) where the account info is not validated against the windows users/groups but against another source (in your code, database, etc.).

If you want to use windows accounts stick with windows authentication. User forms for anything else.
0
 
LVL 32

Expert Comment

by:Daniel Wilson
ID: 24389979
>>If you want to use windows accounts stick with windows authentication. User forms for anything else.

Yes, that's the rule right there.

Typically that will come down to using Windows authentication for a corporate intranet but Forms for a site open to the public .  There will be exceptions to that, but phead_2's rule stands.
0
Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

 

Expert Comment

by:m_maq
ID: 24392372
If your company has it, SiteMinder works great and you practically do nothing 99% of the time.
0
 

Author Comment

by:lobos
ID: 24395208
Thank you for all feedback.
ViceroyFizzlebottom:> your link takes me to an example that uses a sql database for users, as I mentioned above, my concept is using the users from the active directory. Its just a matter of what is more secure, using forms or windows.
yes it is for internal puproses only.
but a good example that I want to make reference to is the OWA concept of outlook, its for users who are internal and part of AD, but when out in the public and access the OWA through https:, the authentication source is using forms as opposed to the windows popup window...thats why I am a bit confused.
0
 
LVL 2

Expert Comment

by:phead_2
ID: 24398036
You really don't have to use forms with OWA but I guess most people prefer the look of it. The only requirement there is if you use forms you have to use SSL.
0
 

Author Comment

by:lobos
ID: 24398089
ok, what about the catching of username and password on machine 'save my password' does this factor in which method to use?
0
 
LVL 2

Expert Comment

by:phead_2
ID: 24398187
If you're referring to the browser storing it it can't for windows authentication and can for forms. it is worth mentioning that with windows authentication the credentials will be cached until the browser is closed.
0

Featured Post

Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes a simple method to resize a control at runtime.  It includes ready-to-use source code and a complete sample demonstration application.  We'll also talk about C# Extension Methods. Introduction In one of my applications…
This article introduced a TextBox that supports transparent background.   Introduction TextBox is the most widely used control component in GUI design. Most GUI controls do not support transparent background and more or less do not have the…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question