
Windows Authentication vs Forms Authentication


The Windows Authentication provider is the default authentication provider for ASP.NET applications. When a user using this authentication logs in to an application, the credentials are matched with the Windows domain through IIS.

There are 4 types of Windows Authentication methods:

1) Anonymous Authentication - IIS allows any user

2) Basic Authentication - A Windows username and password have to be sent across the network (in plain text format, hence not very secure).

3) Digest Authentication - Same as Basic Authentication, but the credentials are encrypted. Works only on IE 5 or above.

4) Integrated Windows Authentication - Relies on Kerberos technology, with strong credential encryption

Forms Authentication - This authentication relies on code written by a developer, where credentials are matched against a database. Credentials are entered on web forms, and are matched with the database table that contains the user information.


Windows Authentication refers to authenticating against Windows user accounts on the box that the application is running on.

Forms authentication is a standalone method of authenticating in .NET forms that you can hook up to some other system, such as a database.


It's pretty simple. Windows Authentication makes use of the Windows Login system. http://en.wikipedia.org/wiki/Integrated_Windows_Authentication

And with Forms Authentication the user will need to provide a username and password manually. http://www.asp.net/web-forms/tutorials/security/introduction/an-overview-of-forms-authentication-vb

Forms Authentication also allows you to choose where you access the login data from. It could, for example, be stored in your own local database, while Windows Authentication is only going to use your Windows login data. This data usually comes from Active Directory, if your network is built using an enterprise/business/domain setup. http://en.wikipedia.org/wiki/Active_Directory
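
The two modes discussed in the answers above, as they would appear in an ASP.NET web.config. This is an added example, not part of the original answers; the cookie name, login page path and timeout are assumed values.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Constructed web.config for illustration; names and paths are assumptions. -->
<configuration>
  <system.web>

    <!-- Option A: Windows Authentication.
         IIS authenticates the caller against Windows/domain accounts and
         ASP.NET receives the resulting identity; no login page is involved.
         Which IIS method is used (Anonymous, Basic, Digest, Integrated) is
         chosen in the IIS settings for the site, not in this element. -->
    <authentication mode="Windows" />

    <!-- Option B: Forms Authentication. Use it instead of Option A; a
         web.config may contain only one authentication element.

    <authentication mode="Forms">
      <forms name=".EXAMPLEAUTH"
             loginUrl="~/Login.aspx"
             protection="All"
             requireSSL="true"
             timeout="20"
             slidingExpiration="false"
             cookieless="UseCookies" />
    </authentication>

         loginUrl   : page whose code checks the submitted credentials
                      against the application's own user store (a database)
         protection : All = the ticket cookie is encrypted and validated
         requireSSL : the ticket cookie is only sent over HTTPS
         cookieless : UseCookies keeps the ticket out of the URL
    -->

    <!-- Applies to both options: reject requests that carry no identity.
         "?" stands for anonymous users. -->
    <authorization>
      <deny users="?" />
    </authorization>

  </system.web>
</configuration>
```

With Option B the credentials travel in a form post, so the login page itself also needs to be served over HTTPS.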