In my opinion, any public site where you either display or accept input of a users/sensitive data should be protected by SSL.

If you're concerned about cost, you can create a free self-certified SSL cert for a *really* small site, or for ~£30 you could get a godaddy ssl certificate that's accepted by most browsers.


Browsers that support Integrated Windows Authentication.

Cheers,
Lance

Hi,

only IE encrypts credentionals, all other browsers sent your credentials in plain text since they didn't support ntlm....

It does not work this way. If the browser does not support Windows Authentication method (NTLM, NTLMv2, Kerberos -> set by server) its unable to display the web page. Using SSL does not make sense, since SSL will not be used in Windows Authentication at all.

You may enable more methods then one!
- like "basic authentication" (which sends the credentials in clear text)
- or "digest authentication" (which uses SSL)
- or Kentico classic login form web part (which uses plain text or SSL depending on the webpage settings)
- or anything that can be found in IIS Authentication section...

Best regards,
Ivana Tomanickova

Thanks for your replies. In my research I found a good article explaining Windows Authentication in detail. I think it will help others with the same questions that I had.

https://confluence.slac.stanford.edu/display/Gino/Integrated+Windows+Authentication