Forms Authentication it is amazing but?!!


I have some implementations of the EPM where I used the Forms authentication to authenticate the EPM users. I have wrote my notes and would like to share it with you regarding this

Why to go for Forms Authentication

  1. Some of the EPM users are not part of the organization domain
  2. There is no Active Directory
  3. The user can not access the organization domain

Why NOT to go for that?

Well, do you want me to speak technically or from implementation prospective?

I guess you said both?

  • Technically
    1. leakage of information for MS Sharepoint Forms Authentication as it is not embedded by default
    2. Poor user control functionality.
    3. No out of the box tool for editing users online
  • Implementation
    1. Poor approach to design the security Rules for passwords
    2. Most of the customer forgot their Forms Passwords but they don’t do the same with AD passwords
    3. Accordingly getting the users accounts locked, this is not the issue, the issue is the poor approach to get them back.
    4. Integration with Outlook is another bad thing, once you open the outlook and entered your AD password you will get asked to enter your forms credential. Most of my users consider it as a double job that they don’t like

Best Regards

Bilal Okour

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s