
  • Implements a double authentication functionary

    Hi All,
    I have a use case that required a special security requirement; the requirement is that after the user is logged in he can perform some operations based on his roles. This is normal and is finished, but in some special cases, if the logged-in user does one of his operations, I need to ask for a second username/password, for example:

    If the user tries to make a buy order for any items with an amount less than 1000, then he can proceed without any special requirement, but if he tries to make the same order with an amount greater than 1000 then we need another user authentication to accept this operation. So I need to display a special page to ask for the second username/password; if the second username/password are valid then the transaction will proceed and be accepted.

    I think Run-as can help me to do this requirement, but I am not sure how to use Run-as. Any ideas?


  • #2

    Very interesting use case. Before I can help you I need something more about the problem.

    Is the second login only an alert function, to remind the user that he must be cautious, or is it a security method?
    If it is a security method, why not specify a role that handles this case? Why this second login?

    Best regards,



    • #3
      Double authentication

      First, thanks for your reply.
      I will try to explain the use case in more detail.
      First, I have a ROLE_USER; with this role the user can place orders and request to buy new items, but if the order amount is greater than 10000$, for example, he needs approval from his manager to proceed with this transaction, someone with role ROLE_SUPER_USER. So an error screen should be displayed containing the transaction information and an error message to indicate that this transaction needs approval; then the manager can come to the user's office and enter his username and password to accept this transaction ONLY, not all the transactions.

      This mechanism is called supervisor override.

      So the second login is required as a security requirement.
      Last edited by usama_ra1; Jan 29th, 2007, 01:34 PM.


      • #4
        This sounds very much like some kind of workflow. I have seen someone implement something very similar in the past. I think this was based around a simple filter to gather the authentication details and then the actual running was done using runAs. It might be worth having a look at that in the reference manual.
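
The supervisor override described in this thread, as an added framework-neutral sketch (not code from any poster or from the framework's runAs support): the second credentials are checked without replacing the logged-in user's session, and the resulting approval is bound to one order only. The account names, passwords, function names, the HMAC-tag binding, the no-self-approval rule and treating an amount of exactly 1000 as not needing approval are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

APPROVAL_LIMIT = 1000                  # threshold from the thread
_SERVER_KEY = secrets.token_bytes(32)  # per-process key for approval tags

def _record(password, roles):
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000), roles

# Constructed sample accounts (assumption)
USERS = {
    "alice": _record("alice-pw", {"ROLE_USER"}),
    "bob": _record("bob-pw", {"ROLE_USER", "ROLE_SUPER_USER"}),
}

def authenticate(username, password):
    """Return the account's roles if the password matches, else None."""
    rec = USERS.get(username)
    if rec is None:
        return None
    salt, stored, roles = rec
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return roles if hmac.compare_digest(candidate, stored) else None

def _tag(order_id, amount, requester, approver):
    msg = f"{order_id}|{amount}|{requester}|{approver}".encode()
    return hmac.new(_SERVER_KEY, msg, hashlib.sha256).hexdigest()

def approve(order_id, amount, requester, sup_user, sup_password):
    """Second authentication; returns an approval bound to this one order, or None."""
    roles = authenticate(sup_user, sup_password)
    if roles is None or "ROLE_SUPER_USER" not in roles:
        return None
    if sup_user == requester:  # assumption: no self-approval
        return None
    return {"approver": sup_user, "tag": _tag(order_id, amount, requester, sup_user)}

def place_order(order_id, amount, requester, approval=None):
    """Small orders pass; larger ones need an approval matching this exact order."""
    if amount <= APPROVAL_LIMIT:
        return "accepted"
    if approval is None:
        return "needs_approval"
    expected = _tag(order_id, amount, requester, approval["approver"])
    ok = hmac.compare_digest(expected, approval["tag"])
    return "accepted" if ok else "rejected"
```

Because the tag covers the order id, amount and requester, an approval obtained for one order is rejected if it is presented with a different order or a changed amount.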