Need Help Picking IIS Authentication Type (Username & Password)

[malebolgia Veteran]

Long story short I'm needing to add somekind of a username & password prompt to a Windows 2008 IIS7 server. To be honest IIS isn't my cup of tea, especially when it comes to picking the authentication type. There are so many choices: basic authentication, digest authentication, windows authentication, form authentication, and so on. If anyone can provide any guidance on which on to use, please post. :)

FYI, the server is alone.. meaning it has doesn't have access to active directory or a database.

[bobbba]

Easy really:

Basic works fine but needs SSL to be secure

Digest needs a domain controller so no good

Windows Authentication is only practical for intranet sites

Forms Authentication has to be coded in to the pages/web app

[malebolgia Veteran]

Easy really:

Basic works fine but needs SSL to be secure

Digest needs a domain controller so no good

Windows Authentication is only practical for intranet sites

Forms Authentication has to be coded in to the pages/web app

Nice list thanks!, I completely forgot to post that all web content on the server is through SSL. So it looks like Basic is the way to go?

[bobbba]

Nice list thanks!, I completely forgot to post that all web content on the server is through SSL. So it looks like Basic is the way to go?

From what you've said, yes I'd ho with https & basic auth.

SSL doesn't need any particular authentication, it's just encryption of traffic. Basic uses only plain text so it pretty much must have SSL to be safe.