Results 1 to 6 of 6
  1. #1

    Password protecting section of a website [IIS6/ASP.NET]

    I was just wondering what the most appropriate way is to secure a part of a website for members only using IIS6/ASP.NET? Is it dangerous to use windows authentication? I'm sort of new to this so I appreciate any help!

  2. #2
    Join Date
    Apr 2003
    Location
    London, UK
    Posts
    4,721
    I'm not sure how helpful this might be:
    http://www.15seconds.com/issue/020220.htm
    Hyperconfused (™)

  3. #3
    Thanks, that was really helpful! I was just wondering if there is any security issue or problem with using Windows authentication instead of Forms authentication with asp.net? I.e. is it bad practice to use Windows authentication instead of Forms authentication for password protecting a membership-only section of a website? Thanks again!

  4. #4
    Join Date
    Jan 2004
    Posts
    406
    Originally posted by final999
    Thanks, that was really helpful! I was just wondering if there is any security issue or problem with using Windows authentication instead of Forms authentication with asp.net? I.e. is it bad practice to use Windows authentication instead of Forms authentication for password protecting a membership-only section of a website? Thanks again!
    Windows authentication is more secure because instead of sending the username and password it sends a hash (don't use basic authentication). The biggest problem I have with Windows authentication is user management. I find it a lot easier to manage users programmatically in a database than in windows. One other issue is that windows authentication has been known to have problems with some firewall configurations.

    Unless it is an intranet I have always used form based authentication.

  5. #5
    Join Date
    Feb 2004
    Posts
    772
    Hi,

    IIS6/ASP.NET is not dangerous way.If you feels like then why don't you go for ssl. It's available with iis 6.0.

    Another solution is, in .net one new feature is there using this you can configure your web pages to more secure.

    Web.config acts as a central location for storing the information to be accessed by web pages. This information could be a Connection String stored at a centralized location so that it can be accessed in a data-driven page. If the connection string changes its just a matter of changing it at one place.

    to know more about web.config please refer this link:

    http://www.c-harpcorner.com/Code/200...igInASPNet.asp

    http://www.123aspx.com/directory.aspx?dir=85

    Regards,

    Bright
    24 / 7 Technical Support
    Bright Info Solutions

  6. #6
    Join Date
    Jul 2003
    Location
    Castle Pines, CO
    Posts
    7,189

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •