My client is looking to use claims based authentication. I haven't used this new method in anger yet but having read a bit about it I can understand that I could set up Claims Based Authentication to work with Active Directory via ADFS.
However the requirement are a bit more complex than that.
They would like to detect the IP Range and if the request is coming from outside of that range then they would require a PIN which expires after an hour. The user would request the PIN by phone and be able to enter thier AD username,
password and PIN in the login form.
In the past I woult start with a Membership Provider and a custom login form. I can see how the PIN request functionality could work as well with an expiry workflow. However what I don't understand is how to use the new Claims Based Authentication
with such a mechanism.
Does anyone know of a guide or have any idea about how to break up the task? Is this even possible?
Presumably I can build a custom login form complete with login mechanism?