You are developing an ASP.NET MVC application to be used on the Internet. The environment uses
Active Directory with delegation to access secure resources.
Users must be able to log on to the application to maintain their personal preferences.
You need to use the least amount of development effort to enable users to log on.
What should you do?
A.
Enable Forms authentication
B.
Enable Windows authentication
C.
Generate server SSL certificates and install them in IIS
D.
Enable Digest authentication
Explanation:
Requirements for Delegation
Delegation relies on Integrated Windows authentication to access resources. There is no limit on the
number of computers that you can delegate your account ‐‐ you must correctly configure each of
them. The Integrated Windows authentication method works only if the following two conditions
exist:
/ You set up your network to use the Kerberos authentication protocol that requires Active
Directory.
/ You set up the computers and accounts on your network as trusted for delegation.
Windows Auth is suitable for Intranet apps. I think it should be Digest Auth
The question says “You are developing an ASP.NET MVC application to be used on the Internet.”, so you can’t take an intranet approach
B: Somewhat agree with Mitko, AD based Windows Authentication is not something you usually allow on the internet. Although we can use firewall and proxy to make it work without development.
So B is the closest answer in my opinion.
C, D: I believe certificates and Digest autentication cannot delegate security credentials.
A: Form autentication is pure development and not related to AD, preferably a SQL server user table, but we need to use the least amount of development.
Reference:
https://msdn.microsoft.com/en-us/library/aa292114(v=vs.71).aspx