I'm posting a new topic, though there is one with a very similar name. Unlike that post's scenario, my scenario involves authenticating based upon performing some validation of request parameter values.
Let me explain the scenario.
I plan to have the traditional UsernamePasswordAuthenticationToken to grant full access. However, there is an exception case that I'd like to cover. I'd like to be able to provide a link to a Change Password page, but have this link adorned with the necessary parameters to match up within the database. This link should be good only for that one page. I'm not sure how best to implement this within the framework. Any suggestions?
I have a similar scenario involving a weak cookie-based sign-in. This weak sign-in is an implementation of the "remember me" functionality. What I'm doing now (outside the framework) is dropping a cookie with an id and a random token value. This token value is stored in my authentication repository and is good for one sign-in. The token value is regenerated each time to minimize the exposure if a cookie were intercepted. Sign-in in this way, enables the less secure features to be accessible. However, access to sensitive areas requires a form sign-in.
I'm curious to know if there is a good way to combine all these authentication methods compatibly. I have read the manual and some of the related threads, but its not quite clear to me as yet. Any help would be greatly appreciated.