Re: Authentication? Forms without Anynymous access
From: Paul (Paul_at_discussions.microsoft.com)
Date: Fri, 17 Jun 2005 13:54:02 -0700
ok thanks for the additional information. I collect and store quite a bit of
user information so am hoping to keep using the FORMS authentication. Does
the forms authentication offer any less of a secured website than windows
authentication as this seems to be the concern.
-- Paul G Software engineer. "Joe Kaplan (MVP - ADSI)" wrote: > If you want to keep using that system and forms auth, then yes. > > If you really want to use Windows auth, then you can still do role-based > stuff, but the roles defined for the logged in user will be the user's > domain groups instead. > > Joe K. > > "Paul" <Paul@discussions.microsoft.com> wrote in message > news:F25D38A5-6795-4245-AFA1-659A0492522A@microsoft.com... > > ok thanks for the response. With my web application I have set up roles > > and a > > page that allows an administrator of the web application to add users and > > set > > these roles, so sounds like I need to have the Authentication method in > > IIS > > (Anonymous access) checked or enabled. > > -- > > Paul G > > Software engineer. > > > > > > "Joe Kaplan (MVP - ADSI)" wrote: > > > >> I think you need to have a talk with your admins and help them understand > >> your application better. > >> > >> If anonymous is disabled, that means that users will be authenticated via > >> Windows, generally against a Windows domain, but possible against local > >> machine accounts as well. If your app needs to authenticate users > >> defined > >> in a database, you need to use forms authentication and anonymous must be > >> enabled in IIS for this to work. > >> > >> If the need is for your app to authenticate users in the domain, then you > >> should disable forms auth (switch back to Windows mode in web.config) and > >> authenticate users that way. > >> > >> Joe K. > >> > >> "Paul" <Paul@discussions.microsoft.com> wrote in message > >> news:1BC083A9-9A30-4F93-AE7B-C527FC9BE923@microsoft.com... > >> > Hi I have a .net web application using .net framework 1.1 and am using > >> > forms > >> > authentication (<authentication mode = "Forms">) in web. config file. > >> > So > >> > have a form that inputs user name and password and compares this with a > >> > table > >> > in a dbase. I plan on moving this to a server where they do not allow > >> > Anonymous access, just wondering if the application will still work or > >> > is > >> > Anonymous access just another layer of security? > >> > thanks, > >> > -- > >> > Paul G > >> > Software engineer. > >> > >> > >> > > >