Know your Authentication options

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

Understand the authentication options that map to your deployment scenario.
Internet
  • Username authentication with SQL Membership Provider: If your users are not in Active Directory, consider the SQL Membership Provider. This gives you a store that can be easily created and deployed. Configure message or mixed mode security to protect your users’ credentials.
  • Basic authentication with Windows: If your users are already in Active Directory or are local machine accounts, consider using basic authentication. Use transport security to secure the communication channel and protect your credentials.
  • Username authentication with Custom Store: If your users are in a custom store, consider using user name authentication with a custom validator to validate user credentials against your custom store. Unlike the other scenarios, you will have to write custom code to validate your users’ credentials. Use message or mixed mode security to protect your users’ credentials.
  • Certificate authentication with certificates: If your clients are partners or mobile clients connecting over VPN in a peer-to-peer authentication scenario, consider using certificate authentication. If your users have Windows accounts in your domain, you can map the certificates to Windows accounts and enable authorization checks based on Windows roles. Certificate authentication requires that you manage certificates; however, it allows seamless authentication for clients who are outside your firewall. Use transport security to secure the communication channel and protect your credentials.

Intranet
  • Username authentication with SQL Membership Provider: If your users are not in Active Directory, consider the SQL Membership Provider. This gives you a store that can be easily created and deployed. Use transport security to secure the communication channel and protect your credentials.
  • Windows authentication with Windows: If your users are already in Active Directory or are local machine accounts, consider using Windows authentication to leverage this infrastructure. Windows authentication also gives you the benefit of using Windows roles for authorization checks. Use transport security to secure the communication channel and protect your credentials. Note that local machine accounts authenticate with the NTLM protocol, which is prone to brute-force attacks. For more secure peer-to-peer authentication, consider using certificate authentication.
  • Username authentication with Custom Store: If your users are in a custom store, consider using user name authentication with a custom validator to validate user credentials against your custom store. Unlike the other scenarios, you will have to write custom code to validate your users’ credentials. Use message or mixed mode security to protect your users’ credentials.
  • Certificate authentication with certificates: If your clients are partners or mobile clients connecting over VPN in a peer-to-peer authentication scenario, consider using certificate authentication. If your users have Windows accounts in your domain, you can map the certificates to Windows accounts and enable authorization checks based on Windows roles. Certificate authentication requires that you manage certificates; however, it allows seamless authentication for clients who are outside your firewall. Use transport security to secure the communication channel and protect your credentials.
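
The custom store option, listed under both Internet and Intranet, is the one that requires code you write yourself. The following is an added example, not code from the original guidance: a WCF UserNamePasswordValidator that checks credentials against a hypothetical ICredentialStore holding a per-user salt and PBKDF2-SHA256 hash. ICredentialStore, CustomStoreValidator, Attach and the iteration count are assumptions, and the four-argument Rfc2898DeriveBytes constructor assumes .NET Framework 4.7.2 or later.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical custom store: returns the salt and PBKDF2 hash kept for a user name.
public interface ICredentialStore { bool TryGet(string userName, out byte[] salt, out byte[] hash); }

public sealed class CustomStoreValidator : UserNamePasswordValidator
{
    private const int Iterations = 100000;                       // assumed work factor
    private static readonly byte[] DummySalt = new byte[16];
    private static readonly byte[] DummyHash = new byte[32];
    private readonly ICredentialStore _store;

    public CustomStoreValidator(ICredentialStore store) { _store = store; }

    public override void Validate(string userName, string password)
    {
        byte[] salt, expected;
        bool known = _store.TryGet(userName ?? "", out salt, out expected)
                     && salt != null && expected != null && expected.Length > 0;
        if (!known) { salt = DummySalt; expected = DummyHash; }  // same work for unknown users

        byte[] actual;
        using (var kdf = new Rfc2898DeriveBytes(password ?? "", salt, Iterations, HashAlgorithmName.SHA256))
            actual = kdf.GetBytes(expected.Length);

        // Constant-time comparison, and one generic error for every failure,
        // so responses do not reveal which user names exist.
        int diff = 0;
        for (int i = 0; i < expected.Length; i++) diff |= actual[i] ^ expected[i];
        if (!known || diff != 0)
            throw new SecurityTokenException("Unknown user name or incorrect password.");
    }

    // Registers the validator on the host and returns a binding that carries user name
    // credentials under message security (SecurityMode.TransportWithMessageCredential
    // is the mixed mode alternative).
    public static WSHttpBinding Attach(ServiceHost host, ICredentialStore store)
    {
        var auth = host.Credentials.UserNameAuthentication;
        auth.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
        auth.CustomUserNamePasswordValidator = new CustomStoreValidator(store);
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        return binding;
    }
}
```

Message security with user name credentials also requires a service certificate on the host, so that the client can encrypt the credentials it sends.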

Last edited Jun 12, 2008 at 8:36 PM by prashantbansode, version 1
