During my recent interaction with a development team, I came across a few queries. Hence, I decided to cover those general questions as part of a few upcoming articles.
The very first question I received is: When should one go for Windows authentication and when should one go for Form-based authentication?
A common response is: use Forms authentication whenever the user can supply a username/password, and go for Windows authentication whenever the user can use the Windows login system.
No doubt, this response is correct. But there are a few more points to elaborate on. Let’s have a look at those.
- If the user accounts are created in AD – go for Windows authentication using ActiveDirectoryMembershipProvider.
- If the user accounts are created in the database, i.e. SQL Server – go for Forms-based authentication using respective membership providers, i.e. SqlMembershipProvider.
- If user accounts are created in a database whose direct membership providers are not available – go for Forms-based authentication by writing a custom provider.
- If Windows authentication cannot be used with AD for any reason – go for Forms-based authentication.
- If you need more secure policies for password management – go for Windows authentication.
- If you want to use existing account management tools – go for Windows authentication.
I hope these few points will add to your knowledge. Happy learning.