Re: IIS 6 Integrated Security....risks??





"Ken Schaefer" <kenREMOVE@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:OE0nqFjMIHA.4880@xxxxxxxxxxxxxxxxxxxxxxx

"Roberto López" <rlopez@xxxxxxxxxxxxxxxx> wrote in message
news:uqen02bMIHA.5160@xxxxxxxxxxxxxxxxxxxxxxx
Hello,
My first concern is to ensure that the domain server and all data on it
is secure.

Integrated Windows Authentication does not secure your server, or the data
on it.

And the user names and passwords are secured.

Windows already stores usernames and passwords securely. You need to
protect these "in transit", and also to ensure that users do not disclose
them to others.

But, with Integrated Windows Authentication the user name and password, as
far as I know, are sent encrypted?

We do not want users to have to write name and password a lot of times.

Write it where? You mean enter them?

Yes, we do not want a lot of forms to enter "user and password" to access
asp.net application.

And we do not want users to have many different names and passwords to
remember.

So, you need a single authentication store - something like Active
Directory. IWA doesn't help with this per se, because other authentication
mechanisms (like Basic or Digest Auth) can also use AD accounts.


The data that is being passed on those web pages needs to be protected
too. I think I need SSL for this?

Yes - SSL/TLS is one technology you can use for this. Or IPSec is another.

Cheers
Ken


Thanks a lot.

