Forms Auth. vs IIS Auth.

Re: Forms Auth. vs IIS Auth.

Kevin,

I would say less secure, because Forms Autnetication relies on browser
cookies for everything. You should understand that Forms
Authentication was designed for public web sites. If you were trying
to "secure" an on-line store for example you would implement this type
of secuirty.

The alternative would be Windows Integrared Security which would be
going though the NTLM or Keberos, Or you could use the Microsoft
Passport protocoil (IIS 6.0 and above only I believe). I would only
use Integrated security for Intranet web sites (since the users has to
be logged into a reconized domain for their credientals to be picked
up).

FYI- This question is really suited for the aspnet newsgroups, you
probably would have recieved a much faster response there.

-Jeremy




"Kevin" <anonymous@disc ussions.microso ft.com> wrote in message news:<08ca01c3b b6b$38a9c210$a0 01280a@phx.gbl> ...[color=blue]
> Is using forms authentication any less secure than using
> one of the more secure IIS authentication methods?
>
> I am wanting to authenticate against credentials in a
> database.
> I see two ways of doing this. The first is through forms
> authentication and trying to encrypt the credential data
> being transmitted over the network. The other is using
> IIS authenication and an ISAPI filter dll to handle the
> authentication against the database.[/color]