Good morning...
When you go to certain sites and you try to log in, you get a Windows login prompt. How do you do that? Is that more secure than creating a user login form and hitting the database to see if the user exists?
Thank you,
Rich
When you get a Windows login prompt, that's simply Windows security applied on that web site's application folder or page. It's equivalent to right clicking a folder on your c:\ drive and giving a specific user account rights to read, modify, write permissions.
Some hosting companies allow you to do that, so you can create a Windows account and assign permissions to folders/files for that account. This is usually done via the control panel the hosting company has provided. The problem with such an implementation (if it is allowed by your hosting company) is that it's not very configurable/scalable.
The advantage of storing user accounts in a db is that it gives you access to that user's permissions and capabilities, which could form part of the business logic of your application, e.g. show delete button, or process/activate order.
Those permissions could be assigned to roles and users assigned to that role. ASP.NET Membership provides all of this out of the box.
Also, let's say you use Windows security. Think about what happens when you move your application from one domain to another. Do you recreate the user accounts/roles and recreate permission to every folder/file? Or simply move the db containing the user accounts?
This thread might help you further your knowledge on this topic. Hope it helps!
http://forums.asp.net/p/372923/372923.aspx
Ok... I guess I am still wondering what is more secure... a login page or Windows authentication?
Are there any tutorials on this site or another site on setting up a secure login page? I am really new to ASP (ColdFusion person).
So after you log in... do you need to set a session variable, or how does that work?
Rich
It's not so much about which one is more secure, because both pretty much run as secure as the other. You should probably go with forms-based authentication rather than Windows-based, unless you are running a company intranet and already have user accounts and groups set up. In that type of scenario, you might want to consider Windows-based authentication in your application. Forms-based authentication gives you so much more as far as "control" in your application(s). As far as being new to setting up a login page, you might want to check out the following link for a tutorial and more detailed information regarding forms-based & Windows-based authentication. Hope this helps you!
http://quickstarts.asp.net/QuickStartv20/aspnet/doc/security/default.aspx
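The two modes compared in this thread, shown as an added example that is not part of any post above: a web.config using forms authentication with role-based authorization from the membership database, with the Windows alternative noted in a comment. The login page path, the Admin folder and the Admin role name are assumptions chosen for illustration.

```xml
<?xml version="1.0"?>
<!-- Constructed web.config for illustration; paths, folder and role names are assumptions. -->
<configuration>
  <system.web>
    <!-- Forms authentication: unauthenticated requests are redirected to the login page.
         Once the login page has validated the credentials, ASP.NET issues an encrypted
         and signed authentication cookie, so no hand-set session variable is needed. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx"
             timeout="30"
             slidingExpiration="true"
             requireSSL="true"
             protection="All"
             cookieless="UseCookies" />
    </authentication>

    <!-- Intranet alternative: replace the block above with
         <authentication mode="Windows" />
         and let IIS authenticate the existing domain accounts. -->

    <!-- Default rule for the whole application: deny anonymous users ("?"). -->
    <authorization>
      <deny users="?" />
    </authorization>

    <!-- Role checks come from the membership database rather than folder ACLs. -->
    <roleManager enabled="true" />
  </system.web>

  <!-- Only members of the (hypothetical) Admin role may reach ~/Admin. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Admin" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Setting `requireSSL="true"` keeps the authentication cookie off plain HTTP, which matters more for the security of a forms login than the choice between the two modes.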