windows authentication applications
many of our business applications dont have seperate usernames/passwords, are integrated with active directory, i.e. "windows authentication". I have noticed for many of our apps the login process is done over HTTP. when you login to an app via windows authentication, does that mean your domain password is sent clear text over the network plain text, or would it be some sort of representation of your password that is sent to the app server/DB server (i.e. hash?). is it basically a backend SQL server DB that determines access, i.e. are you in the server logins either by a SQL login or a windows authenticaiton account. I am not from a development background but I beleive most of thse apps were built with asp.net.
Asked:
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
A plain explanation:
Windows Authentication provider is the default authentication provider for ASP.NET applications. When a user using this authentication logs in to an application, the credentials are matched with the Windows domain through IIS.
There are 4 types of Windows Authentication methods:
1) Anonymous Authentication - IIS allows any user
2) Basic Authentication - A windows username and password has to be sent across the network (in plain text format, hence not very secure).
3) Digest Authentication - Same as Basic Authentication, but the credentials are encrypted. Works only on IE 5 or above
4) Integrated Windows Authentication - Relies on Kerberos technology, with strong credential encryption
Forms Authentication - This authentication relies on code written by a developer, where credentials are matched against a database. Credentials are entered on web forms, and are matched with the database table that contains the user information.
Hope this helps.
Windows Authentication provider is the default authentication provider for ASP.NET applications. When a user using this authentication logs in to an application, the credentials are matched with the Windows domain through IIS.
There are 4 types of Windows Authentication methods:
1) Anonymous Authentication - IIS allows any user
2) Basic Authentication - A windows username and password has to be sent across the network (in plain text format, hence not very secure).
3) Digest Authentication - Same as Basic Authentication, but the credentials are encrypted. Works only on IE 5 or above
4) Integrated Windows Authentication - Relies on Kerberos technology, with strong credential encryption
Forms Authentication - This authentication relies on code written by a developer, where credentials are matched against a database. Credentials are entered on web forms, and are matched with the database table that contains the user information.
Hope this helps.
are you in the server logins either by a SQL login or a windows authenticaiton accountIt really can be anything and will depend on the application in question. Typically, each application will use a configuration setting called a "connection string" which tells the application how to connect to the database which it is using. This connection string will either tell the application to impersonate the user when talking to the database, OR it will tell the application to use a specified SQL account.
In IIS you have to set the app that will enable you to grab the active directory info.
This is done in IIS -> select the app -> then Authentication -> then disable everything except for Windows Authentication.
Now you grab the AD info and compare it to an existing database with the information.
If the info matches you can either set a cookie or session id with the database info allowing the person to access the app. I have it on each page check the cookies to see if the person is entitled to get at that page. If not I send them packing back to the front page.
I use session variables for some things but they seem to loose their info quickly.
This is done in IIS -> select the app -> then Authentication -> then disable everything except for Windows Authentication.
Now you grab the AD info and compare it to an existing database with the information.
If the info matches you can either set a cookie or session id with the database info allowing the person to access the app. I have it on each page check the cookies to see if the person is entitled to get at that page. If not I send them packing back to the front page.
I use session variables for some things but they seem to loose their info quickly.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Development
From novice to tech pro — start learning today.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
See also: https://en.wikipedia.org/wiki/Integrated_Windows_Authentication