Tauseef

Reputation: 424

Which authentication approach is better for my application?

We are going to build an ASP.NET web-based application but are stuck at the point where we are unable to decide what authentication method we should use (Active Directory Authentication or Forms Authentication Provider).

80% of the application is going to be used inside the company (all the users are part of Active Directory) and the remaining 20% is going to be used from outside. This application is going to have intense permissions based on user (probably at control level, i.e. a grid might have different columns for user A than user B on the same page).

I am just wondering what is the best way to go?

Upvotes: 1

Views: 103

Answers (3)

mikemanne

Reputation: 3575

Many companies maintain very tight control over who can manage their LDAP permissions (and rightly so). Depending on how often you need to add/remove/change permissions for users, and how much red tape and pain you need to go through to make those changes in the LDAP system, that may represent a significant drawback to that approach.

Obviously, that shouldn't be your one and only decision point - but it's probably worth including in your pros/cons list.

Upvotes: 1

James Johnson

Reputation: 46047

I wouldn't use LDAP for authentication. It's easy to implement, but logging is less reliable because the user cannot simply log off the application, which means that if someone else comes on and starts making changes, those changes will be tracked to the user who was logged into the computer. Users should be able to click a "Sign out" button somewhere on the page and be done with it.

You can use the Windows identity with FormsAuth, which seems to strike a comfortable medium between the two approaches. The good thing about Windows authentication is that it forces consistency with usernames between the application and the domain, but there are circumstances where that's not a good thing either.

Upvotes: 0

Jonathan Henson

Reputation: 8206

There is no reason why you can't use LDAP with Forms Authentication. I do it all of the time. Basically, I use LDAP to authenticate the user and grab any groups that they are in which are relevant to my application. I use forms to manage the cookies and application-specific permissions. You can provide an alternate form of authentication as you so desire; you just need to provide a way for your application to know when to use LDAP or the alternate method.

Upvotes: 5
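The pattern described in the answer above, as an added example that is not part of the original post or the answerer's own code: credentials are checked against Active Directory, the application-relevant groups are stored in the forms ticket, and each request rebuilds the principal from that ticket. The class name `HybridLogin`, the domain `corp.example.com`, the group names, and the pipe-separated role format are assumptions; the alternate login path for external users is not shown.

```csharp
using System;
using System.Linq;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public static class HybridLogin   // hypothetical helper class
{
    const string Domain = "corp.example.com";                            // assumed AD domain
    static readonly string[] AppGroups = { "App-Admins", "App-Users" };  // assumed group names

    // Returns true and sets the forms cookie only if the AD credential check succeeds.
    public static bool SignIn(HttpResponseBase response, string user, string password)
    {
        string[] roles;
        using (var ctx = new PrincipalContext(ContextType.Domain, Domain))
        {
            if (!ctx.ValidateCredentials(user, password)) return false;
            using (var p = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, user))
            {
                if (p == null) return false;
                // Keep only the groups the application maps to permissions.
                roles = p.GetAuthorizationGroups()
                         .Select(g => g.SamAccountName)
                         .Where(n => AppGroups.Contains(n, StringComparer.OrdinalIgnoreCase))
                         .ToArray();
            }
        }
        // Roles travel in the encrypted, MAC-protected ticket, not in a readable cookie.
        var ticket = new FormsAuthenticationTicket(1, user, DateTime.Now,
            DateTime.Now.Add(FormsAuthentication.Timeout), false,
            string.Join("|", roles), FormsAuthentication.FormsCookiePath);
        response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(ticket)) { HttpOnly = true, Secure = true });
        return true;
    }

    // Call from Application_AuthenticateRequest to restore roles from the ticket.
    public static void RestorePrincipal(HttpContextBase context)
    {
        var cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return;
        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (Exception) { return; }   // tampered or undecryptable cookie: stay anonymous
        if (ticket == null || ticket.Expired) return;
        var roles = ticket.UserData.Split(new[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
        context.User = new GenericPrincipal(new FormsIdentity(ticket), roles);
    }
}
```

Group membership is captured at sign-in, so a user removed from an AD group keeps the old role until the ticket expires; a short `timeout` on the `<forms>` element limits that window.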
