How to confirm Windows password in ASP.NET?

Thread starter: Gilbert Tordeur
Hello.

I sometimes see intranet applications (with Windows integrated security)
that ask for the Windows password again just before a sensitive action (like a
financial approval, for example). The reason for this, I presume, is to be
sure that the user at the keyboard is the right one, and not another one
during the meal of a manager who has forgotten to lock his/her PC.

Let's assume I do the same in an ASP.NET application. I ask the user to
enter his Windows password in a Textbox. My question is: how can I ask
Windows to check this password?

Thank you in advance,
Gilbert
 
Consider the user that hasn't forgotten to lock their computer for a
moment... This approach will cause them to have to log in twice, which is not
necessarily good design. In ASP.NET, the better approach would be to
simply create a session timeout of a short period of time and prior to each
sensitive page's display, check a session variable to see if it still
exists. If you've ever done online banking, you know that if you don't
interact with the application after a certain period of time (usually 5
minutes), you get logged out and have to log back in. But, you are not
prompted to continuously prove who you are once you have logged in.

-Scott
 
Thanks, Scott, for this comment.

I agree with the general idea about double login. However, I am speaking
about a sensitive transaction that does not occur every day.

You can also imagine that a user leaves his PC and that somebody else launches
Internet Explorer. Then a short session timeout will not help.

So if somebody knows how to ask Windows to confirm a password, I am
interested.

Regards,
Gilbert
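
One way to do the check asked about in this thread, combined with the session-variable idea from the reply: an added example, not code from any poster. It assumes classic ASP.NET on .NET Framework with Windows integrated authentication, domain (not local machine) accounts, session state enabled, and references to System.Web and System.DirectoryServices.AccountManagement; `StepUpAuth`, the session key and the two-minute window are hypothetical choices.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Web;

public static class StepUpAuth   // hypothetical helper name
{
    private const string SessionKey = "StepUpConfirmedUtc";              // hypothetical key
    private static readonly TimeSpan Validity = TimeSpan.FromMinutes(2); // assumed window

    // Call from the password prompt's postback handler.
    public static bool ConfirmPassword(HttpContext ctx, string password)
    {
        if (!ctx.User.Identity.IsAuthenticated || string.IsNullOrEmpty(password))
            return false;

        // Take the account from the integrated-auth identity, never from a textbox,
        // so the password is checked against the user who owns this session.
        string name = ctx.User.Identity.Name;              // "DOMAIN\user"
        int slash = name.IndexOf('\\');
        if (slash <= 0 || slash == name.Length - 1) return false;
        string domain = name.Substring(0, slash);
        string user = name.Substring(slash + 1);

        bool ok;
        using (var pc = new PrincipalContext(ContextType.Domain, domain))
        {
            // Negotiate avoids a simple (cleartext) bind to the domain controller.
            ok = pc.ValidateCredentials(user, password, ContextOptions.Negotiate);
        }

        // Record the confirmation time on success; clear any old one on failure.
        if (ok) ctx.Session[SessionKey] = DateTime.UtcNow;
        else ctx.Session.Remove(SessionKey);
        return ok;
    }

    // Call at the start of the sensitive action; true only shortly after a confirmation.
    public static bool IsRecentlyConfirmed(HttpContext ctx)
    {
        object stamp = ctx.Session[SessionKey];
        if (!(stamp is DateTime)) return false;
        ctx.Session.Remove(SessionKey);                    // one confirmation, one action
        return DateTime.UtcNow - (DateTime)stamp <= Validity;
    }
}
```

Each failed check counts as a failed logon for the account, so the domain lockout policy applies to this prompt as well. The password travels from the browser to the server in the form post, so the page should be served over HTTPS only.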
 