Windows Authentication Vs. Form-Based Authentication

During my recent interaction with a development team, I came across a few queries. Hence, I decided to cover those general questions as part of a few upcoming articles.
 
The very first question I received is: When should one go for Windows authentication and when should one go for Form-based authentication?
 
One common response is: use Forms authentication whenever the user can supply a username/password, and go for Windows authentication whenever the user can use the Windows Login System.
 
No doubt, this response is correct. But there are a few more points to elaborate on. Let’s have a look at those.
  • If the user accounts are created in AD – go for Windows authentication using ActiveDirectoryMembershipProvider
  • If the user accounts are created in the database, i.e. SQL Server – go for Forms-based authentication using respective membership providers, i.e. SqlMembershipProvider
  • If user accounts are created in a database whose direct membership providers are not available – go for Forms-based authentication by writing a custom provider
  • If Windows authentication cannot be used with AD for any reason – go for Forms-based authentication
  • If you need more secure policies for password management – go for Windows authentication
  • If you want to use existing account management tools – go for Windows authentication
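
To make the trade-off concrete, here are the two choices as web.config fragments. This is an added example, not configuration from the original article. The connection string name `AppUsersDb`, the login page path, the provider name `SqlProvider` and the policy values are assumptions chosen for illustration.

```xml
<!-- Added example: two ALTERNATIVE web.config fragments. Use one, not both. -->

<!-- Option A: Windows authentication.
     IIS authenticates the Windows/AD account; password complexity, expiry and
     lockout are enforced by the domain, not by the application. -->
<system.web>
  <authentication mode="Windows" />
  <authorization>
    <deny users="?" />  <!-- reject anonymous requests -->
  </authorization>
</system.web>

<!-- Option B: Forms authentication with accounts stored in SQL Server.
     The application owns the password policy, so state it explicitly. -->
<connectionStrings>
  <!-- Assumed name, server and database -->
  <add name="AppUsersDb"
       connectionString="Data Source=.;Initial Catalog=AppUsers;Integrated Security=True" />
</connectionStrings>
<system.web>
  <authentication mode="Forms">
    <!-- requireSSL keeps the auth cookie off plain HTTP;
         protection="All" encrypts and validates the ticket -->
    <forms loginUrl="~/Account/Login.aspx" requireSSL="true" protection="All"
           cookieless="UseCookies" timeout="20" slidingExpiration="true" />
  </authentication>
  <authorization>
    <deny users="?" />
  </authorization>
  <membership defaultProvider="SqlProvider">
    <providers>
      <clear />
      <add name="SqlProvider"
           type="System.Web.Security.SqlMembershipProvider"
           connectionStringName="AppUsersDb"
           applicationName="/"
           passwordFormat="Hashed"
           enablePasswordRetrieval="false"
           enablePasswordReset="true"
           requiresQuestionAndAnswer="false"
           requiresUniqueEmail="true"
           minRequiredPasswordLength="12"
           minRequiredNonalphanumericCharacters="1"
           maxInvalidPasswordAttempts="5"
           passwordAttemptWindow="10" />
    </providers>
  </membership>
</system.web>
```

With Option B, every password rule a domain would otherwise enforce has to be set on the provider, which is the practical meaning of the password-policy point in the list above.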
I hope these few points will add to your knowledge. Happy learning.

