Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

C# VS 2008

Posted on 2009-05-14
8
Medium Priority
?
198 Views
Last Modified: 2012-05-07
I am building a web based application and it needs to have security tied to it. In the past I created a local group on the server and added the appropriate users to the group. With the web config file I granted appropriate access based on whether your username was part of the group or not.
I have been made aware that the best way to do this is with Forms authentication. I have always done this concept using integrated windows authentication, but I have been told that is not the correct and best way to do this.
Could I have some input on this thought and perhaps an example on how to implement the concept using a form based authentication as opposed to using the windows authentication concept.
0
Comment
Question by:lobos
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 6

Expert Comment

by:ViceroyFizzlebottom
ID: 24389594
Here's a pretty thorough walk-through of how to implement Forms authentication.

http://support.microsoft.com/kb/301240
0
 
LVL 2

Accepted Solution

by:
phead_2 earned 500 total points
ID: 24389865
Forms vs. Windows Authentication isn't really a question of right or wrong. They are two different solutions and you need to pick based on your needs. Windows Authentication can either automatically get the logged on user (say on a domain/intranet) or prompt the user for their windows account whereas forms authentication requires you to collect account info from the user in the web page(form) where the account info is not validated against the windows users/groups but against another source (in your code, database, etc.).

If you want to use windows accounts stick with windows authentication. User forms for anything else.
0
 
LVL 32

Expert Comment

by:Daniel Wilson
ID: 24389979
>>If you want to use windows accounts stick with windows authentication. User forms for anything else.

Yes, that's the rule right there.

Typically that will come down to using Windows authentication for a corporate intranet but Forms for a site open to the public .  There will be exceptions to that, but phead_2's rule stands.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Expert Comment

by:m_maq
ID: 24392372
If your company has it, SiteMinder works great and you practically do nothing 99% of the time.
0
 

Author Comment

by:lobos
ID: 24395208
Thank you for all feedback.
ViceroyFizzlebottom:> your link takes me to an example that uses a sql database for users, as I mentioned above, my concept is using the users from the active directory. Its just a matter of what is more secure, using forms or windows.
yes it is for internal puproses only.
but a good example that I want to make reference to is the OWA concept of outlook, its for users who are internal and part of AD, but when out in the public and access the OWA through https:, the authentication source is using forms as opposed to the windows popup window...thats why I am a bit confused.
0
 
LVL 2

Expert Comment

by:phead_2
ID: 24398036
You really don't have to use forms with OWA but I guess most people prefer the look of it. The only requirement there is if you use forms you have to use SSL.
0
 

Author Comment

by:lobos
ID: 24398089
ok, what about the catching of username and password on machine 'save my password' does this factor in which method to use?
0
 
LVL 2

Expert Comment

by:phead_2
ID: 24398187
If you're referring to the browser storing it it can't for windows authentication and can for forms. it is worth mentioning that with windows authentication the credentials will be cached until the browser is closed.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: Ivo
C# And Nullable Types Since 2.0 C# has Nullable(T) Generic Structure. The idea behind is to allow value type objects to have null values just like reference types have. This concerns scenarios where not all data sources have values (like a databa…
Article by: Najam
Having new technologies does not mean they will completely replace old components.  Recently I had to create WCF that will be called by VB6 component.  Here I will describe what steps one should follow while doing so, please feel free to post any qu…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question