Windows Authentication (asp.net 1.1 C#)

Frank

I'm creating a site which will allow our clients to place orders. Because of
different price lists and the sensitive merchandise we sell (medical supplies),
I'm concerned about security. I thought that I have to use either Windows
Authentication or Forms Authentication. If I use Windows Authentication, I can
validate with my domain and I wouldn't have a problem with that, unless that
would cause a problem with my internal security. The second option is Forms
Authentication.
My questions are:
1) If I use Windows Authentication, can I bypass the browser dialog box and
use a form with textboxes to do the sign-in? I have seen that Microsoft Exchange
Web Outlook 2003 can do this. Is this possible? Someone told me at the asp
group that it was not, but since it was asp and not asp.net, I wanted to
ask.
2) Can I run into internal security problems if I give them a restricted
Windows account? I guess the answer is yes... (Did I just answer myself?)
3) Can you point me at another method of secure login, like forms but with
encryption, that can allow me to not have to validate with my domain?

Thank you
Francisco O.
IBLUES
 
Dominick Baier [DevelopMentor]

Hi,

I wouldn't recommend using your internal AD for customer accounts. FormsAuthentication
is as secure as IIS integrated auth - and you need SSL for both anyway.

There is no easy way to get a forms-based login for IIS integrated auth -
this would require crafting the authentication headers on the client - may
be easy for basic auth - but beyond.

I would go for FormsAuth + SSL
 
Dominick Baier [DevelopMentor]

Hi,

It is up to you how you store your passwords - FormsAuth is just a mechanism
to "remember" authenticated users (and reject anonymous).

Usually you store the passwords in a database using salted hashes - have
a look at the PasswordDeriveBytes class (or Rfc2898DeriveBytes on 2.0)

In ASP.NET 2.0 you may want to have a look at the membership provider.

Also this could be a good start:
http://samples.gotdotnet.com/quickstart/aspplus/doc/formsauth.aspx
 
