G
Glenn Wilson
Hi,
I need some help on building a security model for an intranet I am currently
building. I am aware that Intranets lend themselves quite nicely to Windows
authentication, since you would assume that all employees will have accounts
on the web server and the domain in which the server sits. So, I thought
about implementing this method of authentication in my intranet. However, I
now realise that no all users will have accounts on the web server. I
initially thought about adding them, but the volume and type of users that
this involves makes this solution impractical.
I then decided that forms authentication would be the solution. However,
following some usability studies, it is quite clear that our internal
employees will not use the intranet if they have have to log on when they
want to access it. It is not a problem for external users as far as we are
aware who expect to go through the process of logging on to our intranet.
So using forms authentication is not an ideal solution all round.
This leads me to my third idea. What about if I were to provide access to
internal employees through their windows accounts, but implement forms
authentication for those that do not have an account. Trouble is, I believe
that you cannot mix the two forms of authentication within an asp.net
application. Does anyone else have any suggestions about the best way for
me to move forward?
Glenn
I need some help on building a security model for an intranet I am currently
building. I am aware that Intranets lend themselves quite nicely to Windows
authentication, since you would assume that all employees will have accounts
on the web server and the domain in which the server sits. So, I thought
about implementing this method of authentication in my intranet. However, I
now realise that no all users will have accounts on the web server. I
initially thought about adding them, but the volume and type of users that
this involves makes this solution impractical.
I then decided that forms authentication would be the solution. However,
following some usability studies, it is quite clear that our internal
employees will not use the intranet if they have have to log on when they
want to access it. It is not a problem for external users as far as we are
aware who expect to go through the process of logging on to our intranet.
So using forms authentication is not an ideal solution all round.
This leads me to my third idea. What about if I were to provide access to
internal employees through their windows accounts, but implement forms
authentication for those that do not have an account. Trouble is, I believe
that you cannot mix the two forms of authentication within an asp.net
application. Does anyone else have any suggestions about the best way for
me to move forward?
Glenn