windows authentication vs forms authentication

Question

I am trying to understand concepts of windows authentication, forms authentication and their differences. I am confused. Can someone help me in clarifying this.

Thanks.

Answer 1

Windows Authentication provider is the default authentication provider for ASP.NET applications. When a user using this authentication logs in to an application, the credentials are matched with the Windows domain through IIS.

There are 4 types of Windows Authentication methods:

1) Anonymous Authentication - IIS allows any user

2) Basic Authentication - A windows username and password has to be sent across the network (in plain text format, hence not very secure).

3) Digest Authentication - Same as Basic Authentication, but the credentials are encrypted. Works only on IE 5 or above

4) Integrated Windows Authentication - Relies on Kerberos technology, with strong credential encryption

Forms Authentication - This authentication relies on code written by a developer, where credentials are matched against a database. Credentials are entered on web forms, and are matched with the database table that contains the user information.