K
Kevin
I am a developer, not an administrator and want to ask
you guys for advice on designing a login/authentication
scheme for a new .Net C# product.
-The product will run on customers' intranets. (The
website may be accessed remotely but we are not ruling
out forcing them to go through a VPN.)
-The logins will come from a database not from Windows
accounts.
-We would rather not pay to subscribe to a third party
service (this is my assumption about Passport and some of
the certificate methods).
-We would rather not force the user to deploy a
certificate on each client machine that might try to
access the web site. (We are looking for a highly
automated install that will require as little from the
customer as possible.)
- The authentication scheme used should affect this web
site only and not all of our customers' sites.
- We need to keep the information secure including the
login credentials that are compared against the database.
I know that I have various methods at my disposal: Forms
Authentication, various IIS Windows Authentication
methods and ISAPI filter DLLs. Although I have a general
understanding of each option, I don't yet know enough to
make thorough comparisons between the methods based on
our requirements. Any advice you guys could give will be
appreciated.
you guys for advice on designing a login/authentication
scheme for a new .Net C# product.
-The product will run on customers' intranets. (The
website may be accessed remotely but we are not ruling
out forcing them to go through a VPN.)
-The logins will come from a database not from Windows
accounts.
-We would rather not pay to subscribe to a third party
service (this is my assumption about Passport and some of
the certificate methods).
-We would rather not force the user to deploy a
certificate on each client machine that might try to
access the web site. (We are looking for a highly
automated install that will require as little from the
customer as possible.)
- The authentication scheme used should affect this web
site only and not all of our customers' sites.
- We need to keep the information secure including the
login credentials that are compared against the database.
I know that I have various methods at my disposal: Forms
Authentication, various IIS Windows Authentication
methods and ISAPI filter DLLs. Although I have a general
understanding of each option, I don't yet know enough to
make thorough comparisons between the methods based on
our requirements. Any advice you guys could give will be
appreciated.