V
vs
I have an ASP.NET 2.0 Application that is using Integrated Windows
Authentication. It is running on our intranet.
I would like to force the user to re-authenticate with their Windows
username/password/domain after clicking a particular button on an ASP.NET
page in order to make sure that the user really is the person who logged in
the machine in the first place, and not somebody else who started using an
unattended and un-locked PC.
So far I have found out about LogonUser Win32 API, but the problem seems to
be that I'd need to prompt for password and then get it securely from the
browser to the web server for the authentication to happen. Is there a way to
do all this so that the password is not compromised?
I've also looked at the LockWorkStation call, but because the code is
executing on the server, it locks the server, not the user's PC. Is there a
way to call it from the browser at the client's PC?
Is there some other way to accomplish this?
Any help would be greatly appreciated.
Thanks
Authentication. It is running on our intranet.
I would like to force the user to re-authenticate with their Windows
username/password/domain after clicking a particular button on an ASP.NET
page in order to make sure that the user really is the person who logged in
the machine in the first place, and not somebody else who started using an
unattended and un-locked PC.
So far I have found out about LogonUser Win32 API, but the problem seems to
be that I'd need to prompt for password and then get it securely from the
browser to the web server for the authentication to happen. Is there a way to
do all this so that the password is not compromised?
I've also looked at the LockWorkStation call, but because the code is
executing on the server, it locks the server, not the user's PC. Is there a
way to call it from the browser at the client's PC?
Is there some other way to accomplish this?
Any help would be greatly appreciated.
Thanks