CRM 2011 - Can claims based authentication be built to detect IP range and require a PIN RRS feed

  • Question

  • My client is looking to use claims based authentication.  I haven't used this new method in anger yet but having read a bit about it I can understand that I could set up Claims Based Authentication to work with Active Directory via ADFS.

    However the requirement are a bit more complex than that.

    They would like to detect the IP Range and if the request is coming from outside of that range then they would require a PIN which expires after an hour.  The user would request the PIN by phone and be able to enter thier AD username, password and PIN in the login form.

    In the past I woult start with a Membership Provider and a custom login form.  I can see how the PIN request functionality could work as well with an expiry workflow.  However what I don't understand is how to use the new Claims Based Authentication with such a mechanism.

    Does anyone know of a guide or have any idea about how to break up the task?  Is this even possible?

    Presumably I can build a custom login form complete with login mechanism?

    Tuesday, September 6, 2011 2:35 PM

All replies

  • The ADFS has a website with an asp.net login page (adfs/ls/FormsSignIn.aspx) you can customize with client or serer side scripts, you can check the request server variables in c# (using Request.ServerVariables["REMOTE_ADDR"])  to identify the IP address and prove the PIN.


    Damian Sinay
    Saturday, October 8, 2011 4:56 AM