authentication/login scheme

Discussion in 'ASP .Net Security' started by Kevin, Dec 8, 2003.

  1. Kevin

    Kevin Guest

    I am a developer, not an administrator and want to ask
    you guys for advice on designing a login/authentication
    scheme for a new .Net C# product.

    -The product will run on customers' intranets. (The
    website may be accessed remotely but we are not ruling
    out forcing them to go through a VPN.)
    -The logins will come from a database not from Windows
    accounts.
    -We would rather not pay to subscribe to a third party
    service (this is my assumption about Passport and some of
    the certificate methods).
    -We would rather not force the user to deploy a
    certificate on each client machine that might try to
    access the web site. (We are looking for a highly
    automated install that will require as little from the
    customer as possible.)
    - The authentication scheme used should affect this web
    site only and not all of our customers' sites.
    - We need to keep the information secure including the
    login credentials that are compared against the database.

    I know that I have various methods at my disposal: Forms
    Authentication, various IIS Windows Authentication
    methods and ISAPI filter DLLs. Although I have a general
    understanding of each option, I don't yet know enough to
    make thorough comparisons between the methods based on
    our requirements. Any advice you guys could give will be
    appreciated.
    Kevin, Dec 8, 2003
    #1
    1. Advertising

  2. Hai Kevin,

    Intranet Web application : Windows authentication

    Private corporate Web application: Windows authentication

    Commercial Web application: Forms authentication

    Multiple commercial Web applications: Passport
    authentication.

    Better option: windows authentication + Active Directory
    Windows authentication using Kerberos, an authentication
    protocol that is an integral component of Windows Active
    Directory. Kerberos is designed to provide authentication
    using secret key cryptography.

    You may also forms authentication with storing encrypted
    ids in the database.

    Warm regards,
    Arun Ganesh.
    Microsoft .NET MVP.

    >-----Original Message-----
    >I am a developer, not an administrator and want to ask
    >you guys for advice on designing a login/authentication
    >scheme for a new .Net C# product.
    >
    >-The product will run on customers' intranets. (The
    >website may be accessed remotely but we are not ruling
    >out forcing them to go through a VPN.)
    >-The logins will come from a database not from Windows
    >accounts.
    >-We would rather not pay to subscribe to a third party
    >service (this is my assumption about Passport and some

    of
    >the certificate methods).
    >-We would rather not force the user to deploy a
    >certificate on each client machine that might try to
    >access the web site. (We are looking for a highly
    >automated install that will require as little from the
    >customer as possible.)
    >- The authentication scheme used should affect this web
    >site only and not all of our customers' sites.
    >- We need to keep the information secure including the
    >login credentials that are compared against the database.
    >
    >I know that I have various methods at my disposal: Forms
    >Authentication, various IIS Windows Authentication
    >methods and ISAPI filter DLLs. Although I have a

    general
    >understanding of each option, I don't yet know enough to
    >make thorough comparisons between the methods based on
    >our requirements. Any advice you guys could give will

    be
    >appreciated.
    >.
    >
    G. Gnana Arun Ganesh, Dec 9, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. chen
    Replies:
    2
    Views:
    2,622
  2. Pascal Blanchard
    Replies:
    0
    Views:
    240
    Pascal Blanchard
    Aug 17, 2004
  3. Pascal Blanchard
    Replies:
    1
    Views:
    273
    Pascal Blanchard
    Aug 18, 2004
  4. Allawy
    Replies:
    0
    Views:
    719
    Allawy
    Aug 18, 2008
  5. chen

    The authentication scheme 'NTML' is not supported

    chen, Sep 10, 2007, in forum: ASP .Net Web Services
    Replies:
    2
    Views:
    172
Loading...

Share This Page