Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations biv343 on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Authentication Pros & Cons (Forms vs Windows)

Status
Not open for further replies.
GeeWond3r

GeeWond3r

IS-IT--Management
Sep 5, 2003
65
US
I'm going back and forth as to which kind of authentication method to go by. Can you guys give me some real world examples or conceptuals on the pros and cons of Forms -vs- Windows Authentication. There's been issues that Windows mode via Active Directory is the better one since it AD logs everything, plus has a better security protection. Then there's the Form mode via SQL Server.

Enquiring Minds wants to know...

Thanx!
 
Sort by date Sort by votes
It's usually a pretty clear-cut decision - if you're building a private/intranet-type application where all the users will be members of a specific domain then Windows is the way to go. On the other hand, for a public internet site where you will have many different users using different browsers and operating systems, use Forms.



Greetings,
Dragonwell
 
Upvote 0 Downvote
The only problem with Forms Authentication, using it
on the Internet, is that cookies must be enabled on
the client browser. I'm building a Web Store and this
might cost me some customers.

I'm working on a solution where I can check to see
if cookies are enabled (write a cookie then read it,
checking for empty string) and then using Session
state for the cookieless browsers.
 
Upvote 0 Downvote
dragon: my application is a time reporting system which is open to contractors outside my company. So I guess Forms authentication is the way to go. However, my netwrk admin is still persistent on using Windows mode since all logs are recorded + the security is much better.

Mike: couldn't I simply use the session state thru out w/o using cookies?
 
Upvote 0 Downvote
To tell you the truth, I'm still a little confused about
Forms Authentication and cookies and Session State.
But I know that by default, Session State uses cookies.
You have to go into Web.config and change it to "true":

<sessionState cookieless="false" />

then I believe the SessionID is handled through
Query String parameters that are passed back and
forth from client and server.

I haven't had time to analyze this article, but this
person says you can use Forms Auth. without cookies:


I still have to investigate this problem some more.
 
Upvote 0 Downvote
A common source of confusion is between FormsAuthentication's use of cookies and Session cookies. The two are not related! Even with <sessionState cookieless="false" />, FormsAuthentication will still use a cookie to hold the authentication ticket.

If your network admin wants the task of maintaining all the user accounts, go ahead and use Windows authentication.

Greetings,
Dragonwell
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Moregelen
  • Locked
  • Question
Domain Authentication
Replies
0
Views
763
Moregelen
Moregelen
G12Consult
  • Locked
  • Question
Forms authentication not working
Replies
4
Views
499
Rajkumarrrrr
Rajkumarrrrr
NoCoolHandle
  • Locked
  • Question
Integrate Facebook (social) logins with Forms authentication..
Replies
0
Views
243
NoCoolHandle
NoCoolHandle
WIREMESH
  • Locked
  • Question
Adding https to existing ASP.NET 2.0 web forms application
Replies
1
Views
286
jbenson001
jbenson001
tshad
  • Locked
  • Question
Windows forms show and showdialog working differently displaying datagridview
Replies
3
Views
235
jbenson001
jbenson001

Part and Inventory Search

Sponsor

Back
Top