I am writing a .NET Web API that will be used in an enterprise environment where users authentication themselves using their active directory credentials, so I am using "Windows Authentication" in IIS as authentication scheme for my API, but I am wondering does "Windows Authentication" mean by default that the connection will be secured and the data going through the wire will be encrypted? or it is just used for authentication and the encryption will be my own responsibility? and if it is, how do I secure my data while sending/receiving it if I am using "Windows Authentication"?
Asked
Active
Viewed 172 times
0
-
2Windows Authentication only refers to the authentication part and does not mean that the data you transfer are protected. You still need to use HTTPS if you want this. – Steffen Ullrich Feb 15 '18 at 16:58
-
Thank you, please make it an answer so that I accept it. – Sisyphus Feb 15 '18 at 17:26
1 Answers
1
Windows Authentication only refers to the authentication part and does not mean that the data you transfer are protected. You still need to use HTTPS for data protection.
![](../../users/profiles/37315.webp)
Steffen Ullrich
- 184,332
- 29
- 363
- 424