I need to publish a website on a DMZ Server with Active Directory authentication. Its not a public website.
I need to understand the advantages/disadvantages of publishing with SSL and without SSL
Well - what's important is how the AD credentials are sent from client to server.
SSL will ensure that the credentials are encrypted even if the credentials are set to 'plain text' in IIS...
It will also validate that the server users are connecting to is the server it says it is - really anywhere where you want users to put their AD credentials (which if compromised could get someone access to any number of things) should be verified in this way...
Please rate helpful posts..