Is Windows Authentication for WCF Enough?


I am developing an application where the security requirements for data transferred and access are fairly high. As I understand, Windows authentication is the preferred method for TCP over an intranet.

How do you deal with situations where Domains are not used and only simple workgroups are available? (Some customers will not be using domains to manage the networks).

Is using the interactive clients details (currently logged in user) enough, or should I get them to separately re-enter their username and/or password, as otherwise aren't I leaving security up to the network administrator to make sure they have an appropriate policy (ie. the computer is locked after a period of time)? This is particularly important as I know some of the users are prone to leaving their computers logged in, so how do I ensure that the account owner is the actual user?

If so, whats the point of using Windows authentication over say username/password authentication if they are just re-entering their authentication details?


By : laurencer


The purpose of using Windows Authentication is to take advantage of the pre-existing membership scheme. In enterprise level development this means the administrator has the centralised membership control panel they are used to using to manage the domain level security. The additional benefit for users is a single login to the computer grants access to multiple applications without having to re-enter their details.

If you don't have domain level security already established and there are no plans to migrate in that direction the membership provider option would be the better option in aspnet. Obviously you will then need to plan how the enterprise would handle the maintenance of multiple login and authentication providers.

[Edit] Ah...Igor got there first.

By : nullnvoid

The point of using Windows authentication is to have a centralized directory for network objects management. If you have workgroups I say you better go with another technology, maybe membership provider and role provider.

This article talks about the cons of doing something like this.

Most sites don't change the slug for the reason that if a user edits her title it shouldn't break any links to the post that have already been made.

By : alxp

This video can help you solving your question :)
By: admin