Skip to main content

Windows Authentication & Forms-based Authentication

During my recent interaction with one of the development teams, I came across few queries. Hence, I decided to cover those general questions as part of my few upcoming blogs.
The very first question I received is, when should one go for Windows authentication and when one should go for Form-based authentication?
Now here one of the common response one can receive is – use Forms authentication whenever the user can supply username/password and go for Windows authentication whenever the user can use Windows Login System.
No doubt, this response is correct. But there are few more points which can elaborate it. Let’ have a look at those:
  • If user accounts are created in AD – go for Windows authentication using ActiveDirectoryMembershipProvider
  • If user accounts are created in database, i.e. SQL Server – go for Forms-based authentication using respective membership providers, i.e. SqlMembershipProvider
  • If user accounts are created in database whose direct member ship providers are not available – go for Forms-based authentication by writing custom provider
  • If Windows authentication can not be used with AD for any reason – go for Forms-based authentication
  • If you need more secure policies for password management - go for Windows authentication
  • If you want to use existing account management tools - go for Windows authentication        
I hope these few points will add some more to your knowledge. Happy learning.