Your description of your security sounds normal and reasonable. You may need to get some specifics from your client as to what exactly it is that they aren't happy about regarding your level of security. Without such knowledge, it is hard to determine if CardSpace will improve things. It is possible that it's just your client's understanding, or perhaps just a miscommunication between you and your client.
CardSpace is a part of .NET 3.0, and as such, it is required on the client machine. IE7 is not enough. CardSpace is new and doesn't have widespread acceptance yet; however, I'm encouraged by early adopters like DotNetNuke incorporating support. I also know of a well-known company in Oregon that is developing systems for banks based on it.

You can also go with Microsoft LiveID, or OpenID (the open standard implemented by CardSpace). ActiveDirectory might be useful if your application is in-house, but would likely not be the best choice for out-of-house applications unless trusts have already been established, or your customer is willing to invest in federated identity solutions.

Please recognize, though, that none of these technologies will be useful at all if your client isn't concerned with the security of the authentication provider but with something else in your implementation.

--Paul Mehner

-----Original Message-----
From: Discussion of advanced .NET topics. [mailto:[EMAIL PROTECTED] On Behalf Of Paul Cowan
Sent: Monday, November 19, 2007 9:05 AM
To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM
Subject: [ADVANCED-DOTNET] Increased security

Hi all,

We just had a meeting with one of our clients and they were not happy with the level of security. We use FormsAuthentication with the usual sort of setup. We use HTTPS throughout the application and the passwords are stored as MD5 hashes in the backend SQL Server database.

The question that I have is what can I do to increase this? Is CardSpace a viable answer or is it just too young? Does the client machine have to have .NET 3.0 installed for CardSpace or is IE7 good enough? Would ActiveDirectory help or is that a massive undertaking?

Any suggestions whatsoever appreciated.

Paul
[EMAIL PROTECTED]

===================================
This list is hosted by DevelopMentor® http://www.develop.com

View archives and manage your subscription(s) at http://discuss.develop.com