Avatar of Pau Lo
Pau Lo
 asked on

windows authentication applications

many of our business applications dont have seperate usernames/passwords, are integrated with active directory, i.e. "windows authentication". I have noticed for many of our apps the login process is done over HTTP. when you login to an app via windows authentication, does that mean your domain password is sent clear text over the network plain text, or would it be some sort of representation of your password that is sent to the app server/DB server (i.e. hash?). is it basically a backend SQL server DB that determines access, i.e. are you in the server logins either by a SQL login or a windows authenticaiton account. I am not from a development background but I beleive most of thse apps were built with asp.net.
Web DevelopmentMicrosoft SQL ServerASP.NET

Avatar of undefined
Last Comment
JS List

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Mlanda T

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
SOLUTION
Steven Kribbe

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Mlanda T

are you in the server logins either by a SQL login or a windows authenticaiton account
It really can be anything and will depend on the application in question. Typically, each application will use a configuration setting called a "connection string" which tells the application how to connect to the database which it is using. This connection string will either tell the application to impersonate the user when talking to the database,  OR it will tell the application to use a specified SQL account.
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy