c# asp.net-mvc forms-authentication windows-authentication

Which authentication method should I use?


I'm developing an ASP.NET MVC application that runs on one server. The server has user accounts.

The user accounts are not allowed to RDP to the server, but I want to give them a way to change their password through my website.

The website has a home page that anonymous users can see, and also an account page that users have to use their Windows credentials to log in and see, and there is a Forget Password button. If the users forget the password, I can reset it for them.

The users go to my website through the Internet.

Is Windows authentication able to allow anonymous access to some pages? Is Forms authentication able to read Windows account credentials? Which way is easier for implementing my requirements?


Solution

  • In general, there is extensive information on ASP.NET MVC authentication types available.

    The problem with Windows Authentication is that it's quite limited. You can't really have a "Forgotten Password" function with Windows Authentication; it's basically read-only access, but on the other hand it's the easiest/fastest solution for Windows intranet sites. That's by design; users should change their password through Domain functions. Anonymous access is easy: for example, simply decorate a single method ("Action") or a whole Controller with the [AllowAnonymous] attribute.

    Your most flexible choice is probably to use ADFS. It's the best of both worlds. You can have a combination of Windows-authenticated internal users, Forms-authenticated external users (with username/password, incl. a "Forgot Password" function etc.) and anonymous access, as described here. But it's obviously not the easiest way.
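
The [AllowAnonymous] approach from the answer, as an added example that is not part of the original post: authorization is required by default and only the public pages opt out. It assumes ASP.NET MVC 4 or later hosted in IIS with both Anonymous Authentication and Windows Authentication enabled; the controller and action names are hypothetical.

```csharp
// Added example, not code from the original answer.
// Assumption: IIS has Anonymous and Windows Authentication both enabled,
// so anonymous requests reach MVC and [Authorize] triggers the 401 challenge.
using System.Web.Mvc;

public static class FilterConfig
{
    // Call from Application_Start with GlobalFilters.Filters.
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        // Deny by default: every action requires an authenticated user
        // unless it explicitly opts out with [AllowAnonymous].
        filters.Add(new AuthorizeAttribute());
    }
}

// Hypothetical public controller: the whole controller is anonymous.
[AllowAnonymous]
public class HomeController : Controller
{
    public ActionResult Index()
    {
        return View();
    }
}

// Hypothetical protected controller: no attribute needed,
// the global filter already requires authentication.
public class AccountController : Controller
{
    public ActionResult Index()
    {
        // With Windows authentication this is "MACHINE\user" or "DOMAIN\user".
        ViewBag.UserName = User.Identity.Name;
        return View();
    }

    // A single action can opt out; a user who forgot the password
    // cannot authenticate, so this page has to be reachable anonymously.
    [AllowAnonymous]
    public ActionResult ForgotPassword()
    {
        return View();
    }
}
```

Registering the filter globally means a controller added later is protected unless someone deliberately marks it anonymous, which is safer than remembering to put [Authorize] on each new action.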