On Wednesday, September 26, 2012 at 12:28 PM, Chris R wrote:
Hey folks,
Just a quick poll:
What types of authentication have you actually used for any services you've built and/or run?
What other types of auth would you have preferred to use if they were available?
Are your preferences different for Intranet vs Internet?
I'm mostly building Web APIs outside the .NET ecosystem these days, but... I'm doing HTTP Basic over HTTPS and OAuth v2.
In my enterprise days, it was heavy on the Kerberos (via the Negotiate mechanism). The typical scenario:
* Run client app under domain user credentials (i.e., US\SuperApp).
* Turn on integrated Windows Authentication in IIS.
* Run authorization rules in ASP.NET service based on User.Identity.
I've seen this pattern in every .NET enterprise company that has ever employed me. My guess is it's the most common approach.