Smart questions
Smart answers
Smart people
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Member Login
Remember Me
Forgot Password?
Join Us!

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips now!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
Join Tek-Tips
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

LINK TO THIS FORUM!

Add Stickiness To Your Site By Linking To This Professionally Managed Technical Forum.
Just copy and paste the
code below into your site.

Tek-Tips LinkedIn® Group

Partner With Us!

"Best Of Breed" Forums Add Stickiness To Your Site
Partner Button
(Download This Button Today!)

Feedback

"...The enviroment is simple, natural and efficient. The members are competent, educated and professionals..."
More...

Geography

Where in the world do Tek-Tips members come from?
Click Here To Find Out!

Tek-Tips Shirts!

Get Tek-Tips Swag
Get your
Tek-Tips Forums
SWAG here!
Home > Forums > Member Moderated > Tek-Tips Groups > Information Security Group Forum

ASP.NET Forms Authentication - Security implications

thread1117-1687573
Read More Threads Like This One
rider90 (TechnicalUser)
6 Jul 12 8:26
Good Morning,

We have an Intranet which is accessed by our staff both in the office and remotely.

At the moment they log on using a username and password stored by the Intranet. This is causing problems as the usernames and passwords used are different to there domain login which results in them forgetting it. ALLOT!

So I have suggested to our programmer that we integrate the authentication with our domain so that they only ever need to remember the one set of credentials as they would be using AD Authentication.

The Intranet is database driven, and is sat across two servers. The Database is run by SQL Server whilst the GUI is sat on a Web Server.

Implementing Form Authentication seems easy enough to do according to various posts on the internet, but our concern is the security implications of this. For employees working in the office where the Domain controller is located, I wouldn't imagine there being any problems. Its the 40+ staff who work remotely that would be sending the information via the internet which I am concerned about. Currently the website they use to access our Intranet is http and not SSL. Internally they also connect without SSL although they go to a .local rather than .com page which is also controlled by our DNS etc.

Could you just throw some ideas at me as to what it is we would need to do to secure this? Would using SSL on the site resolve all of this?

Many thanks,
rider90
Read More Threads Like This One

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Back To Forum

Back To Information Security Group

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close