authentication/login scheme

From: Kevin (anonymous_at_discussions.microsoft.com)
Date: 12/08/03

• Next message: compwolf: "Re: Security issues running HTA on Server 2003?"
• Previous message: Barry Fitzgerald: "Unauthorized / Service Unavailable ??"
• Next in thread: Bernard: "Re: authentication/login scheme"
• Reply: Bernard: "Re: authentication/login scheme"
• Reply: Christopher Haun: "RE: authentication/login scheme"
• Reply: Paul Lynch: "Re: authentication/login scheme"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 8 Dec 2003 06:41:09 -0800

I am a developer, not an administrator and want to ask
you guys for advice on designing a login/authentication
scheme for a new .Net C# product.

-The product will run on customers' intranets. (The
website may be accessed remotely but we are not ruling
out forcing them to go through a VPN.)
-The logins will come from a database not from Windows
accounts.
-We would rather not pay to subscribe to a third party
service (this is my assumption about Passport and some of
the certificate methods).
-We would rather not force the user to deploy a
certificate on each client machine that might try to
access the web site. (We are looking for a highly
automated install that will require as little from the
customer as possible.)
- The authentication scheme used should affect this web
site only and not all of our customers' sites.
- We need to keep the information secure including the
login credentials that are compared against the database.

I know that I have various methods at my disposal: Forms
Authentication, various IIS Windows Authentication
methods and ISAPI filter DLLs. Although I have a general
understanding of each option, I don't yet know enough to
make thorough comparisons between the methods based on
our requirements. Any advice you guys could give will be
appreciated.

---

• Next message: compwolf: "Re: Security issues running HTA on Server 2003?"
• Previous message: Barry Fitzgerald: "Unauthorized / Service Unavailable ??"
• Next in thread: Bernard: "Re: authentication/login scheme"
• Reply: Bernard: "Re: authentication/login scheme"
• Reply: Christopher Haun: "RE: authentication/login scheme"
• Reply: Paul Lynch: "Re: authentication/login scheme"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages authentication/login scheme ... -The product will run on customers' intranets. ... The authentication scheme used should affect this web ... Authentication, various IIS Windows Authentication ... Any advice you guys could give will be ... (microsoft.public.dotnet.framework.aspnet.security) Re: authentication/login scheme ... >-The product will run on customers' intranets. ... >- The authentication scheme used should affect this web ... >Authentication, various IIS Windows Authentication ... Any advice you guys could give will be ... (microsoft.public.inetserver.iis.security) Network scheme ... BITS IBackgroundCopyJob2::SetCredentials requires a specific scheme to use ... Any one knows how do I retrieve the current authentication scheme? ... Please advice, thanks! ... Prev by Date: ... (microsoft.public.vc.mfc) Re: Govt loses personal details of half the country! ... How much data is going to be collected under this scheme? ... Biometric information as a means of authentication is worrying. ... relates to your finger or eye or whatever that presumably only you have, ... I have no faith in the data on this database being entirely correct. ... (uk.philosophy.humanism) Shared Authentication Scheme - the reason for the Redirect and POST mailing ... I am at the very early stages of developing a shared authentication scheme ... The server will be proprietary software, but the client ... (php.general)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)