-----------------------------------------------------------
New Message on BDOTNET
-----------------------------------------------------------
From: BhavtoshS
Message 2 in Discussion

Hi Arun,

First of all, a good question you asked. .NET web apps can use Windows authentication as well as Forms authentication. Certainly you're right as far as your approach follows the basic principle as you mention in your issue no. 2.

To answer your question:

1. Well, one of the basic practices is to use Windows authentication as long as the solution is running in an intranet zone. So it's not a problem, and .NET takes care of validating users.

2. Pretty tricky yet simple to understand. The point is "How can I use Windows authentication for the users who are not part of my domain/network?", which simply means that you have to think of "Forms Authentication", which is a pretty good alternative to authenticate external users. But Forms Authentication requires cookies to be enabled, so in case cookies are not enabled, there might be a problem.

So which approach to use is totally dependent on how you want to authenticate users.

A few possibilities:

- If your application is making calls to the site of XYZ bank, then XYZ bank must be providing some sort of APIs or a library of a COM+ component, which you can use in your app.
- Since your business case is straightforward, I think you must be comfortable knowing that WA (Windows authentication) is not meant to be used when you have external users accessing it from anywhere. So going for FA (Forms authentication), which is a little better than WA here, can be a good alternative.
- Another way to authenticate the external users is EITHER to use Session to store their credentials and use them for every request, which is not a heavy cost on performance, OR to maintain the registered/allowed users' information in a DB and, for the first-time call, validate their credentials (I mean the username and password entered on the web page) and save a flag either in a Cookie.

You have really come out with a real-life case, and this is what I can think of at the moment to help you understand the typical difference between WA and FA.

I have a few queries to understand it better:

- Where do you authenticate the user? On your server or the server of XYZ? It's important to know that if you are authenticating users on your side, it means you are taking on the overhead of validating, rather than XYZ bank doing that for the requests from different customers.

Any further queries, then don't mind, or if you come out with a better idea then do share it; it will help others too.

[Bhavtosh]
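
The two modes compared in the message above, as an added web.config illustration that is not part of the original post. The cookie name, login page name and timeout are assumed values; the listing shows two separate web.config files, one per deployment.

```xml
<!-- Added example, not from the original post. Two separate web.config
     files in one listing; names and values are assumed. -->

<!-- (1) Intranet application: Windows authentication.
     IIS authenticates the domain account (anonymous access must be
     disabled in IIS); ASP.NET then authorizes the resulting identity. -->
<configuration>
  <system.web>
    <authentication mode="Windows" />
    <authorization>
      <!-- "?" = anonymous: reject any request IIS did not authenticate -->
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>

<!-- (2) Internet-facing application: Forms authentication.
     Credentials are checked once on the login page; later requests carry
     only the authentication ticket cookie, not the password. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms name=".APPAUTH"
             loginUrl="Login.aspx"
             protection="All"
             requireSSL="true"
             timeout="20"
             slidingExpiration="false"
             path="/" />
      <!-- protection="All": the ticket is both encrypted and integrity-checked
           requireSSL="true": the cookie is only sent over HTTPS
           timeout is in minutes; no sliding renewal bounds a stolen ticket -->
    </authentication>
    <authorization>
      <!-- unauthenticated requests are redirected to loginUrl -->
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
```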
