Akcelerant Service Guide
Database Authentication Methodology

The Akcelerant Framework supports both SQL and Windows authentication. The SQL Server can be configured for SQL only, Windows only, or both, as long as the matching authentication mode is specified during installation.

Windows Authentication

When a user connects through a Windows user account, SQL Server validates the account name and password using the Windows principal token in the operating system, so the user's identity is confirmed by Windows. SQL Server does not ask for the password and does not perform the identity validation itself. Windows Authentication is the default authentication mode and is more secure than SQL Server Authentication.

Windows Authentication also uses the Kerberos security protocol, provides password policy enforcement with regard to complexity validation for strong passwords, supports account lockout, and supports password expiration. A connection made using Windows Authentication is commonly referred to as a trusted connection because SQL Server trusts the credentials provided by Windows.

Advantages

  • Credentials are not stored in clear text in Akcelerant Framework configuration files.
  • Stronger password policy control than SQL Server credentials.
  • Easier for network administrators to track and manage through Active Directory without needing to know SQL Server administration.

Disadvantages

  • One-click login to the Framework is unavailable with Windows Authentication due to the double-hop limitation.

SQL Authentication

When using SQL Server Authentication, logins are created in SQL Server that are not based on Windows user accounts. Both the user name and the password are created by using SQL Server and stored in SQL Server. When using SQL Server Authentication, strong passwords must be set for all SQL Server accounts. These credentials are stored in clear text in the website configuration (web.config) and the process configuration (config.xml) files.

Advantages

  • Allows users to connect from unknown or untrusted domains. For example, an application connecting established customers with assigned SQL Server logins to receive the status of their orders.
  • Allows the SQL Server to support web-based applications where users create unique identities.
  • Allows software developers to distribute applications by using a complex permission hierarchy based on known, preset SQL Server logins.

Disadvantages

  • SQL Server Authentication cannot use the Kerberos security protocol.
  • Additional password policies offered by Windows are not available for SQL Server logins.
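
Because SQL Authentication leaves the login and password in clear text in web.config, the following added example (not part of the Akcelerant guide or product code) audits a configuration file and reports which connection strings carry a stored password, without echoing the password itself. It assumes the web.config uses the standard ASP.NET connectionStrings section; the sample file, entry names and values are constructed, and the layout of config.xml is not covered.

```python
import xml.etree.ElementTree as ET

# Constructed sample input; assumes the standard ASP.NET <connectionStrings> layout.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <connectionStrings>
    <add name="FrameworkSql" connectionString="Data Source=DB01;Initial Catalog=AppDb;User ID=app_svc;Password=Example-Only-1!" />
    <add name="FrameworkTrusted" connectionString="Server=DB01;Database=AppDb;Integrated Security=SSPI" />
    <add name="Mixed" connectionString="Server=DB01;Database=AppDb;Trusted_Connection=yes;UID=app_svc;PWD=ignored" />
  </connectionStrings>
</configuration>"""

# Keyword synonyms accepted in SQL Server connection strings (compared lower-case).
PASSWORD_KEYS = ("password", "pwd")
USER_KEYS = ("user id", "uid", "user")
TRUSTED_KEYS = ("integrated security", "trusted_connection")
TRUSTED_VALUES = ("true", "yes", "sspi")

def parse_connection_string(value):
    """Split 'key=value;...' into a dict with lower-cased keys.
    Simplification: quoted values that contain ';' are not handled."""
    pairs = {}
    for part in value.split(";"):
        key, sep, val = part.partition("=")
        if sep:
            pairs[key.strip().lower()] = val.strip().strip("'\"")
    return pairs

def audit_config(xml_text):
    """Return one finding per connection string; the password value is never returned."""
    findings = []
    root = ET.fromstring(xml_text)
    for entry in root.iterfind("connectionStrings/add"):
        kv = parse_connection_string(entry.get("connectionString", ""))
        trusted = any(kv.get(k, "").lower() in TRUSTED_VALUES for k in TRUSTED_KEYS)
        findings.append({
            "name": entry.get("name"),
            "mode": "windows" if trusted else "sql",
            "login": next((kv[k] for k in USER_KEYS if k in kv), None),
            # A password left beside a trusted connection is still a stored secret.
            "cleartext_password": any(kv.get(k) for k in PASSWORD_KEYS),
        })
    return findings

if __name__ == "__main__":
    for f in audit_config(SAMPLE_WEB_CONFIG):
        flag = "REVIEW" if f["cleartext_password"] else "ok"
        print(f"{flag:6} {f['name']}: mode={f['mode']} login={f['login']}")
```

Entries flagged REVIEW are the ones whose file permissions, backups and source-control history need the same protection as the database login itself.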

 

 


©2015 Akcelerant Software LLC. All Rights Reserved.