Authentication: Forms vs. Windows

Hi all

I've been having a discussion with another user and it brought up some interesting questions in my mind regarding the two main types of authentication (I know passport is another option, but lets leave that out of this for now):
1 - Why use windows authentication? - I haven't been able to think of a scenario where I would prefer to use windows authentication in a web app, can somebody who's actually used it maybe comment on this?
2 - Windows authentication dependencies. If I decide to use windows authentication, I may want to create a new user group called 'MyWebAppSuperUsers' and assign all domain users who are super users to the group. Then if a user belongs to this group, I could allow them access to certain functions. Doesn't this put too much responsibility on the network admin staff. Suddenly they're not only having to look after authentication on the network, but also on every single app the company is using. Traditionally this responsibility would be split between the 'owners' of different apps. So someone in the purchasing department will control access and permissions in the purchasing system etc. etc. With windows authentication it just seems to me that the workload on network admin will increase and they may not really be in a position to know what they're doing without actually knowing a fair deal about every application in the company. Any comments?
Maybe I'm a bit biased here, because I've only used forms based authentication and I've been very happy with it and at the same time we've been having endless problems with windows authentication on our w2k domain.
Cheers
nscd
0
notsocleverdick
8/1/2003 11:26:16 AM
asp.net.security 27051 articles. 1 followers. Follow

1 Replies
935 Views

Similar Articles

[PageSpeed] 56
Get it on Google Play
Get it on Apple App Store

Windows Auth would be good for an Intranet where there are already a bunch of unique user accounts created. This way they can use a single-logon (u/p) to access the resources instead of remembering a different username/password.


~Brad Kingsley
MCSE, ASPInsider


www.orcsweb.com

Powerful Web Hosting Solutions
#1 in Service and Support

0
sbradk
8/2/2003 4:24:58 PM
Reply:

Similar Artilces:

NTLM Authentication, Windows vs Forms, Security
OK, I finally go all out and start reading reams of Security documentation, MS' and other's, and what I've really accomplished is to get myself thoroughly confused. I've been successful at numerous types of authentication/authorizaiton, but what I really want to do, I haven't found an answer for. That is: ******************************* A user is logged on their workstation which is on the domain. When the user starts up my web app, I want them to be prompted with a logon in order to be authenticated against the domain. This is very important for security of privacy data. In oth...

windows authentication and forms authentication
I want to create a website that uses forms authentication on the front end for users, but I also want to create an admin directory that only users inside the network can access with windows authentication. Is this possible using both types of authentication? The admin site webconfig looks like   <configuration> <appSettings/> <connectionStrings/> <system.web> <authentication mode="Windows" /> <identity impersonate="true" /> <authorization> <deny users="?" /> <allow roles="*" /> </authorization> </system.web> ...

Did a windows Security Update break Forms authentication?
1:  I have a website in development, I use forms authentication and have a couple roles, Admin, Merchant, Employee 2:  I have this running on a development box on Windows XPS with IIS version 7, and also on a Windows VISTA test box with IIS version 7 3:  I did nothing on the project for a couple of days, and now the sign in is completely FUBAR A: The Login Status never shows LogOut, it always says LogIn even after I log in B: If i try to access a page in my admin directory, which requires the user be in the admin role, it will bring up the login page, but after I log...

Why is secure form popping up with Client Authentication window?
I have developed two different web sites, one on Window Server 2000, IIS 5.x (I believe), the other web site is on Windows Server 2003, IIS 6.I've been using secure forms on the IIS 6 web site without any issues.  Recently I brought a couple of secure forms online on the web site that uses IIS 5.x.  Each time a new Windows Explorer session accesses either secure form, a Client Authentication window pops up and basically asks you to select the certificate to use to connect.  There is a blurb at Microsoft explaining why no certificates display, but I'm wondering why I'm getting ...

Windows Authentication on VS.Net Web project
I have turned on Windows Authentication for my ASP.Net web project. When I disable Anonymous access for my virtual directory, I cannot open the ASP.Net project in Visual Studio. The IDE freezes and when I kill the process after a while, I can see an error in the Application event log : Hanging application devenv.exe My login is a member of the Administrators group, VS Developers and Debuggers group. It seems to be an issue with permissions. I tried different combinations - but nothing works. I can open the project only if I allow anonymous accesss on the virtual directory....

windows integrated security instead Forms authentication
Dear all , I would like to able to change the way user able to log into  windows integrated security instead Forms authentication, so  do i have to  to disable  membership provider ? or i need only to change in webconfig file and the website will handel and ignore the membership? ,,i just new to mempership provider model. Once you change the web.config  file to use Windows Integrated security, users will have to log in using a valid Windows account on the network. Changing the web.config  file disables the forms authentication.Check this ...

Switch from Forms authentication to Windows integrated security?
Can someone detail how this would be done on an existing installation? Is it all in web.config or are there other parts I need to mess with? I had installed several of the Starter Kits, each with Forms authentication, and now my group is getting irritated having to enter passwords for each kit; would like to tie everything together under Windows integrated security (AD). Any help appreciated. Hi capicker, Thanks for using the Issue Tracker! Yes, you can simply change the authentication mode in the application Web.Config file. Change <authentication mode="Forms" /&g...

Interchangeable security model – between Forms and Windows authentication
Hi, I am developing an enterprise application that must have an interchangeable security model based on the requirements of individual clients. The primary interface will be implemented in ASP.NET and the default security model with use ‘Forms’ authentication and user credentials stored in the database. However, this must be ‘hot-swoppable’ to use Windows authentication for certain clients. The ‘Group’ information obtained from the login is used to restrict access to various parts of the application once a user has logged on. Here’s the problem: -To develop a generic security class ...

How to use both Windows Authentication and Forms Authentication
I've been reading for days on the net various articles that claim various ways to mix both windows and forms security; but none of them are totally concrete; or they do not work when I try them. I would like my app to use Windows Authentication; but if the user is not authenticated through Windows, then I would like my app to prompt for a logon and pwd and authenticate that logon and pwd against a custom database.  However, I believe that if I take any of the following approaches, they will all fail.  Am I correct?  1) If I use "Windows Authentication", then I can't make thi...

Mixing windows authentication with forms authentication
I've seen some post on this forum regarding mixing the forms authentication with the windows one.Most interesting was the post http://forums.asp.net/2/460035/ShowThread.aspx but also others My questions is if there is other solutions for ASP.NET 2.0 or not? Best regards  If you are using ActiveDirectory as the store for your windows credentials, I talk about how you can use forms authentication that has ActiveDirectory users/roles as the data source for the MembershipProvider and RolesProvider in my post "Leveraging Active Directory As A Membership and Role Management Data S...

Using both Windows Authentication AND Forms Authentication, how?
I am able to use either Forms Authentication OR Windows Authentication but cannot manage to find a solution to using them both. Basically I want to figure out how to set Admin roles for specific users. I would still use windows authentication for them and everyone else in general. But the Admin users (after having passed Windows authentication) have the option of loging into the site via the form in order to Edit their pages. This prevents users from logging onto their system, getting passed Windows Authentication and editing content. This will also allow them to experience the visit a...

Windows authentication inside forms authentication
Hi all, I have a website (A)with forms authentication. On one of the pages I have an ifram, source for ifram is a link to Site B that uses windows authentications. I have two scenarios. 1)      If site A and B are hosted on different servers all is well 2)      If site A  and B are hosted on same server, as virtual directories under defaults website, I get problem described below: I log in to site A and then login to B everything works fine inside ifram but none of the post back event outside of ifram is fired. (NOTE...

mixing windows authentication and forms authentication
Could not find an answer for this searching, im hoping someone can assist.  I have a system setup so that I am using windows authentication to grab the LOGON_USER and forms authentication to then apply his roles to allow access. I did this because I did not want that popup when accessing restricted areas, instead just direct them to an access denied page. I would like to get all of this gone in the global however I am having a problem and need to know how to construct a custom principle object to fix this.  I get an error on this line in the global HttpContext.Current.U...

Difference between Forms authentication and windows authentication
Hi, can any body help me in understanding Forms authentication and windows authentication works internally and how it compares the users in Active Directory services. http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/751c99bd-9657-41a5-b541-569d305872ef.mspx?mfr=true http://msdn2.microsoft.com/en-us/library/xdt4thhy.aspx I'm not sure what you're looking for, but essentially forms authentication allows you do the work, and windows authentications lets IIS do the work for you Sandeep Antony Application which we developed is hosted on...

Web resources about - Authentication: Forms vs. Windows - asp.net.security

Resources last updated: 1/16/2016 2:56:20 PM