Link to home
Start Free TrialLog in
Avatar of Pau Lo
Pau Lo

asked on

windows authentication applications

many of our business applications dont have seperate usernames/passwords, are integrated with active directory, i.e. "windows authentication". I have noticed for many of our apps the login process is done over HTTP. when you login to an app via windows authentication, does that mean your domain password is sent clear text over the network plain text, or would it be some sort of representation of your password that is sent to the app server/DB server (i.e. hash?). is it basically a backend SQL server DB that determines access, i.e. are you in the server logins either by a SQL login or a windows authenticaiton account. I am not from a development background but I beleive most of thse apps were built with asp.net.
ASKER CERTIFIED SOLUTION
Avatar of Mlanda T
Mlanda T
Flag of South Africa image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
are you in the server logins either by a SQL login or a windows authenticaiton account
It really can be anything and will depend on the application in question. Typically, each application will use a configuration setting called a "connection string" which tells the application how to connect to the database which it is using. This connection string will either tell the application to impersonate the user when talking to the database,  OR it will tell the application to use a specified SQL account.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial