In an ASP.NET MVC 3.0 application (intranet), the end user is logged on the domain (sample : MyDomain\User1. In my application there is a validation section, when I want to valid a jQuery UI popup appear and I have to enter password of the user logged.
I’d like to know :
-
how can I check if the password receive in the action method match with the
User1domain password -
Is there a way to secure the password. To be clear, I have input (password type), in the model received from the form the password is in clear. Is it normal? Is there way to crypt that. I used ajax for posting.
Update1
After internal discuss here .. is it possible to do an Asynchrone Ajax post with the password and make a check (password match to password of the user in the domain, the user is authenticated over NTLM protocol) without use LDAP.
Thanks,
Why not just use Windows Authentication
Otherwise: Consult here
Gives a complete walkthrough of custom authentication against an Active Directory controller.