Between Windows Authentication and SQL Server Authentication, which one is trusted and which one is untrusted?

 Posted by Charugoel on 2/4/2009 | Category: ASP.NET Interview questions | Views: 9622

Windows Authentication is trusted because the username and password are checked with the Active Directory; SQL Server authentication is untrusted, since SQL Server is the only verifier participating in the transaction.

Asked In: Many Interviews

Comments or Responses

Posted by: Kumar_jay99 on: 5/10/2011 | Points: 10

Windows Authentication is used when your user is tied up with the Windows Domain and you can validate the requested user against your domain controller or Active Directory.
You should choose Windows authentication if your user accounts are maintained by a domain controller or within Active Directory and there are no firewall issues.
The main benefit of using Windows authentication is that it can be coupled with IIS authentication so that you don't have to write any custom code. Compared to other authentication mechanisms, Windows authentication does not pass the user credentials over the wire. Windows authentication also provides a seamless user experience. Therefore Windows authentication should be used wherever possible.

When you configure ASP.NET for Windows authentication, it can be coupled with IIS authentication where IIS authenticates your application's users by using Basic authentication, Integrated Windows authentication, Digest authentication, or Client Certificate authentication. Both Integrated Windows authentication and Client Certificate authentication provide strong authentication, but Integrated Windows authentication is recommended unless you have a PKI infrastructure and your clients have certificates.

SQL Server Authentication is more about storing the user information in the database, and when the user returns you pick their user name and password to validate against the stored information in the SQL Server database. This approach is taken in Internet applications, where they can store some information during sign-in and validate it when they return.

You have to write code to get the user information, access the database, and validate whether that user is a registered user or not.

Hope that helps
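
Added example (not part of the original post or comments): in a SQL Server connection string, Windows Authentication is selected with `Integrated Security` or `Trusted_Connection`, which is where the "trusted" label in the question appears in practice. The Python sketch below audits connection strings for the mode they select and for embedded passwords; the sample strings and function names are constructed for illustration.

```python
import re

# Keyword synonyms accepted in SqlClient connection strings (case-insensitive).
TRUSTED_KEYS = {"integrated security", "trusted_connection"}
TRUSTED_VALUES = {"true", "yes", "sspi"}
USER_KEYS = {"user id", "uid", "user"}
PASSWORD_KEYS = {"password", "pwd"}

# key=value pairs separated by ';'; a value may be quoted so it can contain ';'.
PAIR = re.compile(r"""\s*([^=;]+?)\s*=\s*("[^"]*"|'[^']*'|[^;]*)\s*(?:;|$)""")

# Constructed sample connection strings (not from the original page).
SAMPLES = {
    "trusted": "Server=db1;Database=App;Integrated Security=SSPI;",
    "sql": "Server=db1;Database=App;User ID=app;Password='s3;cret';Persist Security Info=True",
    "mixed": "Server=db1;Trusted_Connection=yes;UID=app;PWD=leftover",
}


def parse(conn_str):
    """Return a dict of lower-cased keywords; a repeated keyword keeps its last value."""
    pairs = {}
    for key, value in PAIR.findall(conn_str):
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]  # drop the surrounding quotes
        pairs[key.strip().lower()] = value
    return pairs


def classify(conn_str):
    """Return (mode, findings) where mode is 'windows' (trusted) or 'sql'."""
    kv = parse(conn_str)
    trusted = any(kv.get(k, "").lower() in TRUSTED_VALUES for k in TRUSTED_KEYS)
    has_user = any(k in kv for k in USER_KEYS)
    has_password = any(kv.get(k) for k in PASSWORD_KEYS)
    findings = []
    if has_password:
        findings.append("password stored in connection string")
    if trusted and (has_user or has_password):
        findings.append("SQL credentials present but ignored by trusted connection")
    if not trusted and kv.get("persist security info", "").lower() in {"true", "yes"}:
        findings.append("Persist Security Info keeps the password readable after open")
    return ("windows" if trusted else "sql"), findings


if __name__ == "__main__":
    for name, cs in SAMPLES.items():
        print(name, classify(cs))
```

The "mixed" case is worth flagging in a review: the connection still uses the Windows identity, but a leftover SQL login password sits in the configuration file.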
