V
Vlad
Hello, people!
I’m presently trying to choose an appropriate user authentication
solution for online banking system implemented in ASP.NET, and as far as
I understood the best practice of what Mcrosoft has to offer (with the
exception of Windows integrated) is WEB forms authentication. So my
question would be:
- Would using forms authentication really be appropriate for such
security demanding software, considering that authentication cookie will
still be saved on the client’s computer where it cannot be protected by
SSL anymore. Or is it better to implement some tailor made
authentication/authorization mechanism, based on authentication
information storing into session state/viewstate? What would you suggest?
Best regards,
Vlad.
vladi_dPLACEATHEREdotLV
I’m presently trying to choose an appropriate user authentication
solution for online banking system implemented in ASP.NET, and as far as
I understood the best practice of what Mcrosoft has to offer (with the
exception of Windows integrated) is WEB forms authentication. So my
question would be:
- Would using forms authentication really be appropriate for such
security demanding software, considering that authentication cookie will
still be saved on the client’s computer where it cannot be protected by
SSL anymore. Or is it better to implement some tailor made
authentication/authorization mechanism, based on authentication
information storing into session state/viewstate? What would you suggest?
Best regards,
Vlad.
vladi_dPLACEATHEREdotLV