Users will be out in the field collecting data on windows client app in areas with poor internet connection. Days or even weeks at a time away from any network connection. The lucky ones will bring their laptop back to a regional office to sync the data they've collected when they login to the company network. Others will have to resort to plugging into a client/customer internet connection and/or Internet Cafe connection to perform the data sync.
The app stores the data on a local sql server 2008 R2 express database and the client will initiate a database sync to the SQL Server 2008 standard in HQ as and when connection is available.
User Authentication and role based security are requirements of the App. Which method should I be using: Forms Authentication or Windows Authentication ? (And I think I've come across a 3rd type called Custom Authentication ?)
Sorry, I'm really lost on the authentication stuff - first time doing it and not sure of the pros & cons of each type. Can anyone advise which I should be using for this scenario ?
UPDATE: I've actually got the synchronization working now using the SQL Server's external ip address in the connection string and SQL Authentication for the user logins. Would this be an accepted practice or am I violating any security principles?
I still have to get to the role based security piece - can role based security work with SQL Authentication?
Also, new wrinkle: turns out that some of the remote users once they have been issued their laptop from Head Office may never login to the organisation's Domain again so their Login's Trust relationship with the domain expires after a few months. Therefore, I guess Windows Authentication is not viable anyway...
How will you connect to the HQ db server?
Imo the safest solution would be to sync over WCF (sample with SqlCompact to Sql Server over WCF with N-tier here). You can then implement whatever authentication scheme you want depending on the kind of security (transport and/or message) you implement in WCF. See this and this for more info.