F
Frank
I'm creating a site which will allow our clients to place orders. Because of
different price list and sensitive merchandise we sell (Medical Supplies.)
I'm concerned about security. I though that either I have to do a Windows
Authentication or Form Authentication. If I use windows authentication, I can
validate with my domain and I wouldn't have a problem with that, unless that
would cause a problem with my internal security. The Second option is Form
Authenticated.
My Question is
1) If I use Windows Authentication can I bypass the browser dialog box and
use a form with textboxes to do the sign in. I seen that Microsoft Exchange
Web Outlook 2003 can do this. Is this possible? Someone told me at the asp
group that it was not, but since it was asp and not asp.net, I want it to
ask.
2) Can I run into internal security problems if I give them a restricted
windows account? I guess the answer is yes... (Did I just answer my self?)
3) Can you point me at another method of secure login, like forms but with
encryptation, that can allow me to not have to validate with my domain.
Thank you
Francisco O.
IBLUES
different price list and sensitive merchandise we sell (Medical Supplies.)
I'm concerned about security. I though that either I have to do a Windows
Authentication or Form Authentication. If I use windows authentication, I can
validate with my domain and I wouldn't have a problem with that, unless that
would cause a problem with my internal security. The Second option is Form
Authenticated.
My Question is
1) If I use Windows Authentication can I bypass the browser dialog box and
use a form with textboxes to do the sign in. I seen that Microsoft Exchange
Web Outlook 2003 can do this. Is this possible? Someone told me at the asp
group that it was not, but since it was asp and not asp.net, I want it to
ask.
2) Can I run into internal security problems if I give them a restricted
windows account? I guess the answer is yes... (Did I just answer my self?)
3) Can you point me at another method of secure login, like forms but with
encryptation, that can allow me to not have to validate with my domain.
Thank you
Francisco O.
IBLUES