Use Windows Authentication When You Can

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

Use Windows authentication in the following scenarios:
  • When both the client and service are in trusted domains, such as in an intranet scenario. By using Windows authentication with Active Directory, you benefit from a unified identity store, centralized account administration, enforceable account and password policies, and strong authentication that avoids sending passwords over the network.
  • When the service uses local machine accounts. In this case the client can authenticate using the NTLM protocol. Keep in mind that NTLM is not secure: it opens an avenue for man-in-the-middle attacks in which the password hash sent over the wire can be compromised by brute-force attacks. Although Windows authentication can be used without Active Directory, consider using more secure methods such as certificate authentication.
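The two scenarios above, sketched as client-side configuration. This is an added example, not part of the original guideline; it assumes a WCF service reached over netTcpBinding, and every name, address, SPN and certificate subject in it is a placeholder.

```xml
<!-- Client app.config: added example; all names, addresses and subjects are placeholders -->
<configuration>
  <system.serviceModel>
    <bindings>
      <netTcpBinding>
        <!-- Scenario 1: client and service in trusted domains, Windows credentials -->
        <binding name="IntranetWindows">
          <security mode="Transport">
            <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
          </security>
        </binding>
        <!-- Scenario 2: no Active Directory, certificate credentials instead of NTLM -->
        <binding name="WorkgroupCertificate">
          <security mode="Transport">
            <transport clientCredentialType="Certificate" protectionLevel="EncryptAndSign" />
          </security>
        </binding>
      </netTcpBinding>
    </bindings>
    <behaviors>
      <endpointBehaviors>
        <behavior name="KerberosOnly">
          <clientCredentials>
            <!-- Fail the call rather than fall back to NTLM -->
            <windows allowNtlm="false" allowedImpersonationLevel="Identification" />
          </clientCredentials>
        </behavior>
        <behavior name="ClientCert">
          <clientCredentials>
            <clientCertificate findValue="CN=client.example.test" storeLocation="CurrentUser"
                               storeName="My" x509FindType="FindBySubjectDistinguishedName" />
            <serviceCertificate>
              <!-- Validate the service certificate chain and check revocation -->
              <authentication certificateValidationMode="ChainTrust" revocationMode="Online" />
            </serviceCertificate>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <client>
      <endpoint name="Intranet" address="net.tcp://service.corp.example.test:8523/Orders"
                binding="netTcpBinding" bindingConfiguration="IntranetWindows"
                behaviorConfiguration="KerberosOnly" contract="IOrders">
        <!-- The SPN lets the client request a Kerberos ticket for the service account -->
        <identity><servicePrincipalName value="OrdersService/service.corp.example.test" /></identity>
      </endpoint>
      <endpoint name="Workgroup" address="net.tcp://service.example.test:8523/Orders"
                binding="netTcpBinding" bindingConfiguration="WorkgroupCertificate"
                behaviorConfiguration="ClientCert" contract="IOrders" />
    </client>
  </system.serviceModel>
</configuration>
```

Later .NET Framework versions mark `allowNtlm` as deprecated and defer to machine policy, so NTLM restrictions should also be enforced through Windows security policy. The certificate endpoint additionally requires the service to present its own certificate for the transport.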

Last edited Jun 12, 2008 at 8:40 PM by prashantbansode, version 1

