Integrated Windows Active directory authentication

Hi

Ours is a distributed client server application(WinForms). We are evaluation two authentication models, one using Active Directory windows authentication and other is custom SQL server based authentication. If the workstations are not connected to the domain controller and the user was authenticated(during logon to the workstation) using workstation cached credentials, will the integrated windows authentication work in such cases

Is is secure to rely on cached credentials Will windows use the cached credentials to authenticate the user even if the workstation is connected to the domain controller

Thanks,

Dharan

Architecture2

Hi Dharan,

I'm not an Identity expert but I knew about an article which explained how to achieve, from a WinForm app, the same Authentication model as in ASP.NET 2.0: http://msdn.microsoft.com/msdnmag/issues/05/04/Security/default.aspx

Eventually, I know that .NET 3.0 provides a new model called CardSpace, http://msdn2.microsoft.com/en-us/architecture/aa480189.aspx

Guidances on Identity and Access are available here: http://msdn2.microsoft.com/en-us/architecture/aa699425

the integrated windows authentication will work in such cases

Thanks for the response.

Just to clarify, I wanted to understand in a typical kerberos type authentication is really a domain controller contacted. If yes, is it always contacted The local credentials cache is used only when the domain controller is not available When an application is on Integrated Windows authentication what happens Does the application authenticate the user again Or just the security context is inherited How is it inherited Is there a authentication check at all

Am not sure, this is the right forum to post this. Am reading through all the msdn pages, I couldn't get a clear picture.