我该如何重新进行身份验证在ASP.Net MVC 3 _Intranet_应用程序的用户? [英] How do I re-authenticate a user in an ASP.Net MVC 3 _Intranet_ application?
问题描述
让我解释一下:应用程序已经在使用Windows集成安全性,而不是形式。我试图做到的是所谓的一步式验证,或者用于以下情形力量的重新验证:
Let me explain: the application is already using Windows integrated security, not Forms. What I am trying to accomplish is a so called "step-up" authentication, or "force re-authentication" for the following scenario:
- 的用户浏览该网站在做共同的,琐碎的东西
- 突然,用户必须做一个动作灵敏,如授权
一个的ressource分配或确认汽车贷款或类似的东西 - 将提示用户输入凭证之前,他(她)的重定向到
敏感的页面,类似SharePoint的方式登录为
以不同的用户 - 如果,且仅当输入的凭据是
一样为当前登录的用户的应用程序
进入敏感区域。
这将prevent以下2个问题:
This would prevent the following 2 issues:
- 的用户去开会或咖啡,忘记锁
工作站和同事使用以访问敏感的会话
区 - 用户输入他或她的老板的凭据(因为,让我们
他说,在老板偷看'史荷特)进入敏感区域。
我知道,有些人会看这是妄想症,也有些人会说这是常识,应该是建立在某处的框架(jQuery的或.NET)
I know, some would look at this as "being paranoid", but also some would say it's common sense and should be build in a framework somewhere (jQuery or .NET)
我真的AP preciate任何输入。谢谢!
I would really appreciate any input. Thank you!
推荐答案
有如下形式发送的凭据,要执行的操作,即,一些操作需要提供用户名/密码请求一起。使用PrincipalContext ValidateCredentials 的方法,以确保适当的凭证已被输入和检查提供的用户名在 User.Identity 对象中的当前用户名相匹配。
Have the form send the credentials along with the request to perform the action, i.e., some actions require that you provide username/password. Use the PrincipalContext ValidateCredentials method to ensure that the proper credentials have been entered and check that the username supplied matches the current username in the User.Identity object.
public ActionResult SensitiveAction( SensitiveModel model, string username, string password )
{
using (var context = new PrincipalContext(ContextType.Domain))
{
if (!string.Equals(this.User.Identity.Name,username,StringComparison.OrdinalCaseIgnore)
|| !context.ValidateCredentials(username,password))
{
return View("PermissionDenied");
}
}
...
}
这篇关于我该如何重新进行身份验证在ASP.Net MVC 3 _Intranet_应用程序的用户?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
