?
Solved

C# VS 2008

Posted on 2009-05-14
8
Medium Priority
?
199 Views
Last Modified: 2012-05-07
I am building a web based application and it needs to have security tied to it. In the past I created a local group on the server and added the appropriate users to the group. With the web config file I granted appropriate access based on whether your username was part of the group or not.
I have been made aware that the best way to do this is with Forms authentication. I have always done this concept using integrated windows authentication, but I have been told that is not the correct and best way to do this.
Could I have some input on this thought and perhaps an example on how to implement the concept using a form based authentication as opposed to using the windows authentication concept.
0
Comment
Question by:lobos
8 Comments
 
LVL 6

Expert Comment

by:ViceroyFizzlebottom
ID: 24389594
Here's a pretty thorough walk-through of how to implement Forms authentication.

http://support.microsoft.com/kb/301240
0
 
LVL 2

Accepted Solution

by:
phead_2 earned 500 total points
ID: 24389865
Forms vs. Windows Authentication isn't really a question of right or wrong. They are two different solutions and you need to pick based on your needs. Windows Authentication can either automatically get the logged on user (say on a domain/intranet) or prompt the user for their windows account whereas forms authentication requires you to collect account info from the user in the web page(form) where the account info is not validated against the windows users/groups but against another source (in your code, database, etc.).

If you want to use windows accounts stick with windows authentication. User forms for anything else.
0
 
LVL 32

Expert Comment

by:Daniel Wilson
ID: 24389979
>>If you want to use windows accounts stick with windows authentication. User forms for anything else.

Yes, that's the rule right there.

Typically that will come down to using Windows authentication for a corporate intranet but Forms for a site open to the public .  There will be exceptions to that, but phead_2's rule stands.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Expert Comment

by:m_maq
ID: 24392372
If your company has it, SiteMinder works great and you practically do nothing 99% of the time.
0
 

Author Comment

by:lobos
ID: 24395208
Thank you for all feedback.
ViceroyFizzlebottom:> your link takes me to an example that uses a sql database for users, as I mentioned above, my concept is using the users from the active directory. Its just a matter of what is more secure, using forms or windows.
yes it is for internal puproses only.
but a good example that I want to make reference to is the OWA concept of outlook, its for users who are internal and part of AD, but when out in the public and access the OWA through https:, the authentication source is using forms as opposed to the windows popup window...thats why I am a bit confused.
0
 
LVL 2

Expert Comment

by:phead_2
ID: 24398036
You really don't have to use forms with OWA but I guess most people prefer the look of it. The only requirement there is if you use forms you have to use SSL.
0
 

Author Comment

by:lobos
ID: 24398089
ok, what about the catching of username and password on machine 'save my password' does this factor in which method to use?
0
 
LVL 2

Expert Comment

by:phead_2
ID: 24398187
If you're referring to the browser storing it it can't for windows authentication and can for forms. it is worth mentioning that with windows authentication the credentials will be cached until the browser is closed.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article introduced a TextBox that supports transparent background.   Introduction TextBox is the most widely used control component in GUI design. Most GUI controls do not support transparent background and more or less do not have the…
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
Integration Management Part 2
How can you see what you are working on when you want to see it while you to save a copy? Add a "Save As" icon to the Quick Access Toolbar, or QAT. That way, when you save a copy of a query, form, report, or other object you are modifying, you…
Suggested Courses
Course of the Month12 days, 18 hours left to enroll

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question