Chapter 12: Creating a Web Forms Interface

In this chapter you will add a Web interface to your application. You will approach it from two ways: the first as a frontend to the Web service you created in the previous chapter and the second as a frontend that hooks directly to the components you created in Chapters 3 to 10.

First, you will examine the different methods of securing an application that does not use Windows Integrated Authentication and you will implement one of these methods for handling security. After you create your new security mechanism, you will hook up your Web user interface to see how everything works.

Targeting Corporate Intranets

Building a Web forms application for an intranet is a whole lot easier than building a Web forms application for an extranet or the World Wide Web. The reason, in a word, is security. Using Windows Integrated Authentication is more than enough security for your application right now. When possible, Windows authentication is always the way to go. It is simple, it is external to the code, and it is strongly encrypted. Also, by using Windows authentication, impersonation, and delegation, the user's identity is authenticated at Internet Information Server (IIS) and at SQL Server. No one can go "around" your security setting. In many Internet applications, a user is authenticated once and given a tag that says they were authenticated successfully. At that point someone can "hijack" a session and continue working as that user. This is not the case with a Windows Authentication security scheme—the user is always revalidated every time they try to connect to a resource.