Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

ASP.NET Forms Authentication - Security implications

Status
Not open for further replies.

rider90

Technical User
Jun 17, 2011
64
GB
Good Morning,

We have an Intranet which is accessed by our staff both in the office and remotely.

At the moment they log on using a username and password stored by the Intranet. This is causing problems as the usernames and passwords used are different to there domain login which results in them forgetting it. ALLOT!

So I have suggested to our programmer that we integrate the authentication with our domain so that they only ever need to remember the one set of credentials as they would be using AD Authentication.

The Intranet is database driven, and is sat across two servers. The Database is run by SQL Server whilst the GUI is sat on a Web Server.

Implementing Form Authentication seems easy enough to do according to various posts on the internet, but our concern is the security implications of this. For employees working in the office where the Domain controller is located, I wouldn't imagine there being any problems. Its the 40+ staff who work remotely that would be sending the information via the internet which I am concerned about. Currently the website they use to access our Intranet is http and not SSL. Internally they also connect without SSL although they go to a .local rather than .com page which is also controlled by our DNS etc.

Could you just throw some ideas at me as to what it is we would need to do to secure this? Would using SSL on the site resolve all of this?

Many thanks,
rider90

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top