I am creating a site for our customer service department to request password rest emails for our customers. The flow is that a customer can call CS, give them their identifying info then CS will click a button on our site to send an email to the users registered address.
To simplify things, I would like to have the CS page require that the user be internal and logged-in to our domain. But the customer should be able to hit the site without credentials. So, I would like the CS views to require NT auth but not those for the customers.
The entire site would be using SSL.
Thanks.
For the controllers/Actions that are restricted to your CS people you could use Authorize Attribute. This could tie them to a specific domain group and would utilize their logged in credentials and permissions.
Then the pages/controllers that don’t need to be restricted or are handled through an application level login you can run them through your normal login methods.