3

I'm reading about how wonderful Integrated Windows Authentication is, but there is only a few comments about how it's only good for intranets. So just to be clear, is it safe to say that this technology is not realistic for internet applications? I'm developing a desktop application that connects with SQL Server and I just can't imagine telling all my customers to configure a windows account on their home PCs according to my specifications. Am I missing somethimg because that seems quite unrealistic.

(of course, where the DBA has a close relationship with the users on an intranet, it's a different story.)

Chris
  • 304
  • 2
  • 8

1 Answers1

0

I would have to say yes, Windows Authentication is best left to intranet applications - it's ideal for any authenticated communication that needs to take place on the same network.

It sounds like you want to allow the desktop app (running on your client's machine) to directly talk with your SQL Server? I would strongly recommend against allowing direct public access, especially if you cannot lock the port down to a list of known IP addresses. Instead, consider putting WCF Web Services between the database and the desktop client.

James Allen
  • 789
  • 6
  • 12
  • Yes, I think you're right. Getting comfortable with WCF is next on my list. Thanks for the input! – Chris Apr 24 '11 at 22:16