How do I re-authenticate a user in an ASP.NET MVC 3 Intranet application?
Have the form send the credentials along with the request to perform the action, i.e., some actions require that you provide username/password. Use the PrincipalContext ValidateCredentials method to ensure that the proper credentials have been entered and check that the username supplied matches the current username in the User.Identity
object.
public ActionResult SensitiveAction( SensitiveModel model, string username, string password )
{
using (var context = new PrincipalContext(ContextType.Domain))
{
if (!string.Equals(this.User.Identity.Name,username,StringComparison.OrdinalIgnoreCase)
|| !context.ValidateCredentials(username,password))
{
return View("PermissionDenied");
}
}
...
}