0

I am developing an ASP.Net MVC4 app that uses windows authentication. One of the requirements of the app is to prompt for credentials when an item is edited, even though the app is already aware of the user's credentials (User.Identity.Name). This requirement is necessary to meet FDA software validation standards.

I read I can do Response.StatusCode = 401 and that will force a login prompt, but I am not aware of a way to capture that information so I can save it with the data. I also read doing this has other side-affects.

Would I have to use a mix of forms and windows authentication? If so, does anyone know of examples that might help me get started? Like I said, I have to capture the user credentials so I can save it with the data.

The basic purpose of the prompt is to ensure that the person editing the data is who they say they are. For instance, I can walk away from my computer with the app still open and someone else can come along and change data in my name. Hope that makes sense.

Thanks.

steveareeno
  • 1,925
  • 5
  • 39
  • 59

1 Answers1

0

Anything dealing with reauthorization will need to be customized for your specific needs.

My recommendation would be to open a (client-side) modal with username/password, and pass that information along with the rest of your POST data. Obviously you will need to have a fallback for <noscript>, if that's a requirement as well.

Keith
  • 5,311
  • 3
  • 34
  • 50
  • So I assume I will have to use forms authentication, correct? I don't see how I could compare a password from a custom dialog using windows authentication. User name would be easy, modalDiaologUserName == User.Identity.Name. I know I can do this with forms authentication (compare the password) but I wanted to avoid adding the extra overhead to the app just for this one requirement. – steveareeno Jun 11 '13 at 21:19
  • There are ways to validate Windows credentials. A bit of googling found this interop method described in detail: http://dotnetslackers.com/articles/aspnet/Windows-Authentication-using-Form-Authentication.aspx – Keith Jun 11 '13 at 21:25
  • And I apologize - I have never had to implement reauthorization using windows authorization, so I don't have any working examples to share :( – Keith Jun 11 '13 at 21:38
  • Thanks Keith. I also found this, but haven't tried it yet: http://stackoverflow.com/questions/7585539/how-do-i-re-authenticate-a-user-in-an-asp-net-mvc-3-intranet-application – steveareeno Jun 12 '13 at 15:09