In my asp.net MVC application, we have a web site that is used by both customers and our contact centre staff to log jobs. The requirement is that if a customer accesses the site, they see the normal form, however in order to stop contact centre staff logging jobs without it showing their username, we want it so that the system recognises if the user is connected to the domain, and if so show their username.
I've explored two options so far;
- Switch on Windows Authentication - This option seems problematic as we only want one instance of each form, and switching on windows authentication would prompt external users to enter a username and password, which would definitely raise some complaints. I managed to get the authenticated user, but it was server side so no use.
- Filter by IP Address - This option would be able to determine whether the user was logged on to an internal machine, however they'd still be able to bypass and complete the form on behalf of the customer without logging their name against it. Using this option, we'd also have to incorporate some form of login to obtain the user ID of the staff member completing the form.
Along the line we also want to add some additional options for staff, so it's important that we can distinguish between them and the public to avoid any options being shown to the wrong person.
Does anyone have any suggestions or examples of this?
Thanks
Aucun commentaire:
Enregistrer un commentaire