The security guy asked me to make a step where the approver needs to re-authenticate when he approves the list item. All the other parts of the workflow are done except this one. The best solution would be to use the built-in login of SharePoint, but I don't know how to do that. I want to point out that I'm doing this workflow with Visual Studio 2008 and deploying to WSS 3.0.

Thanks for the help.

+1  A: 

You should clarify what you need, as what you request is how SharePoint already works.

In order for the approver to approve an item he has to log in to SharePoint, using the built-in mechanisms. If you are using Windows authentication (the default) instead of FBA, the user is logged in automatically using his Windows credentials. So there is no need (or point) for the user to re-authenticate - SharePoint already knows who he is.

The only case where there might be an issue is when both requestor and approver have to use the same computer. Unless the requestor also has approval rights, he will not be able to approve the request.

Are you perhaps concerned that a user with approval rights may try to approve his own request? In this case you can prevent him from doing so by granting him read-only rights to his request, i.e. removing the update right.

Panagiotis Kanavos
The authentication is already done like you said with the Windows credentials, but the goal of asking for a re-authentication is to make sure that the user in front of the computer is really the right one. I know that it's an overhead (I said the same thing to the client), but he wants to know if it can be done.
Sylvain Perron
If the security guy did his job right, then there should be an idle lockout policy in place, no? SharePoint is the wrong place to fix domain policy issues. If you really want to make SharePoint more secure than the entire Windows domain, you can display a custom form for the approval task that requests username/password and have your workflow activity validate them. Be prepared to have a lot of annoyed end users though. IT people like SharePoint because they don't have to remember a separate login for it. This requirement essentially disables the built-in integrated authentication.
Panagiotis Kanavos
+1  A: 

Haven't done this myself, but a quick googling around led to these:

Maybe those topics can lead you to the right path.

Janis Veinbergs
I will probably resort to this option. SharePoint workflow with a custom login page.
Sylvain Perron
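
The credential check behind the custom approval form suggested in the comments above could look like the following. This is an added example, not code from any of the posters. It assumes .NET 3.5 (`System.DirectoryServices.AccountManagement`) is available on the WSS 3.0 server and that logins have the `DOMAIN\user` form used by Windows authentication; `ApproverReauth`, `ReauthResult` and `TrySplit` are hypothetical names.

```csharp
using System;
using System.DirectoryServices.AccountManagement; // reference the .NET 3.5 assembly

// Hypothetical helper for a custom approval form; not part of SharePoint.
public enum ReauthResult { Ok, WrongAccount, BadCredentials, MalformedLogin }

public static class ApproverReauth
{
    // assignedLogin: login of the user the approval task is assigned to
    //   (for example SPUser.LoginName, "DOMAIN\user" under Windows authentication).
    // submittedLogin / password: the values typed into the approval form.
    public static ReauthResult Verify(string assignedLogin, string submittedLogin, string password)
    {
        string domain, user;
        if (!TrySplit(submittedLogin, out domain, out user) || string.IsNullOrEmpty(password))
            return ReauthResult.MalformedLogin;

        // The person re-authenticating must be the assigned approver,
        // not just any account with a valid domain password.
        if (!string.Equals(assignedLogin, submittedLogin.Trim(), StringComparison.OrdinalIgnoreCase))
            return ReauthResult.WrongAccount;

        // Validate against the domain. The password is only passed through:
        // it is never stored, logged, or written to workflow history.
        using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, domain))
        {
            return ctx.ValidateCredentials(user, password, ContextOptions.Negotiate)
                ? ReauthResult.Ok
                : ReauthResult.BadCredentials;
        }
    }

    // Splits "DOMAIN\user" into its two parts and rejects anything else.
    public static bool TrySplit(string login, out string domain, out string user)
    {
        domain = user = null;
        if (login == null) return false;
        string[] parts = login.Trim().Split('\\');
        if (parts.Length != 2 || parts[0].Length == 0 || parts[1].Length == 0) return false;
        domain = parts[0];
        user = parts[1];
        return true;
    }
}
```

Because this approach posts the password to the server instead of relying on integrated authentication, the approval form should only be served over HTTPS, and the workflow should proceed only on `ReauthResult.Ok`.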