@#$**!!! MeasureUp Q

Discussion in 'MCSD' started by Justin Dutoit, Aug 25, 2003.

  1. This is a MeasureUp question on authentication-

    "A company is extending their web site to accommodate a new ASP.NET
    application for their customers.
    They are a worldwide company with expected application use in the millions.
    They have decided to use a high performance SQL server to maintain user
    names and passwords.
    Which of the following configurations should they deploy?"

    Correct answer:
    Configure IIS for Anonymous authentication and in the web.config file
    <authentication mode="none" />

    I chose the answer with <authentication mode="Forms" /> (otherwise the
    same), mainly because of the mention of passwords stored in SQL server.

    Excerpt of MeasureUp's explanation:

    "When a SQL server database is used to store usernames and passwords in the
    ASP.NET application, which is recommended in high volume applications, the
    ASP.NET authentication mode is set to "none" as it will not be using the
    services of Active Directory, Microsoft Passport Services, or Forms to
    provide the user names and passwords. The IIS setting is set to Anonymous in
    order to work with this ASP.NET configuration. When IIS is configured to use
    this anonymous access, it does not rely on user accounts and does not prompt
    the user for a log on. Forms authentication obtains user names and passwords
    from the Web Forms page."

    Could someone direct me here, this is confusing ...


    Justin D
    Justin Dutoit, Aug 25, 2003
    1. Advertisements

  2. Justin Dutoit

    Maria Guest

    IMO the question should have given more information to
    allow you to choose between Forms and None. If the only
    thing you have to go on is the 'millions' of users, I
    would aassume that this is an app aimed at the general
    public. Using Forms authentication means that the user
    (1)must have cookies enabled - you cannot assume this
    (2)must log in before being allowed to do *anything* else -
    this is very unfriendly. How would you feel if Amazon
    asked you to log in before even looking at a book?

    So 'none' would seem to be a sensible answer.

    Another reason not to use Forms authentication is that it
    means an additional redirection, wasting time and
    Maria, Aug 25, 2003
    1. Advertisements

  3. Justin Dutoit

    biker Guest

    -----Original Message-----
    Justin, sometimes the practice tests leave a lot to be
    desired. I believe that the real tests are somewhat less
    prone to ambiguities.

    Those that develop tests need to keep stats on the number
    of times applicants fail a particular question and
    correlate these with the overall candidate scores. If a
    particular question often gets wrongly answered even by
    high scoring candidates then there is something wrong with
    the question.

    You can find more information that would support your view
    that forms authentication + SQL server is the way to go in
    an article in MSDN:

    How To: Use Forms Authentication with SQL Server 2000
    J.D. Meier, Alex Mackman, Michael Dunner, and Srinath
    Microsoft Corporation

    November 2002

    With forms authentication you need to provide a login.aspx
    and fix up the config file. When ASP.NET detects access to
    a protected area it looks for an authentication cookie and
    if it does not find one then it redirects to the

    This is not to say that Maria's comments are not relevant
    also. I would note however that you could build a site
    that only checked for authentication at some critical
    stage, e.g. when someone tries to check-out a basket.

    bi-ker (百克)
    biker, Aug 25, 2003
  4. Thanks for the reply


    Justin Dutoit, Aug 25, 2003
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.