-1

I have an ASP.NET website hosted on premises and only accessible by my company. I discovered that if I connect it to a server in the DMZ (open to the internet) even though the IIS folder is set to Windows authentication it still works in all devices, browsers prompt for username+password and users can use their windows account (even on iPhone).

I know everyone is now using ADFS with SAML to do that and my company does have ADFS open to the Internet I can use but why bothering? is my method less secure?

j. doe
  • 55
  • 5

1 Answers1

1

You should review the information at https://msdn.microsoft.com/en-us/library/ff359101.aspx. In the end it depends on your requirements. Claims based authentication can provide benefits for the end user, the sysadmin and the developer.

maweeras
  • 166
  • 2