Environment: .NET 7 Blazor app.
Imagine the following scenario: because of very strict security considerations, changes made to a B2B customer's environment cannot just be done because someone higher up in that company with the right permissions feels like it. (Assume breach, assume potential sabotage, etc.)
If specific changes are to be made (e.g. deleting or editing specific data) two users must do it side-by-side, provided they both have the role permission to become a 'superuser'. That means both users have to log in on the same workstation and work together to make the required changes.
- User A, with manager roles & permissions, logs in
- User A goes to settings, activates 'SuperUser', prompting another login page, where user B has to log in (and perform 2FA if required)
- Now that both are logged in on the same session, they can undertake such actions.
Now here's the rub: does such an implementation already exist in ASP.NET Core? And if not, where would be a good place to start looking for an existing alternative or writing our own? (Because it would make life easier if, for example, in controller functions we can check if a superuser is active when checking permissions.)
Went through many Google queries, found nothing of interest.
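
One way to express the "superuser is active" check from the question as an ASP.NET Core authorization policy. This is an added example, not code from the original post or from the framework. It assumes the app attaches user B's login to the session as a second `ClaimsIdentity` on the same principal; the names `DualControlRequirement`, `DualControlHandler`, `second_login_at`, `SuperUserEligible` and `DualControl` are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;

// Hypothetical requirement: two distinct users, both in EligibleRole, are
// signed in on the same principal, and the second login is still fresh.
public sealed record DualControlRequirement(string EligibleRole, TimeSpan MaxAge)
    : IAuthorizationRequirement;

public sealed class DualControlHandler : AuthorizationHandler<DualControlRequirement>
{
    // Assumed custom claim: Unix seconds at which user B completed login/2FA.
    public const string SecondLoginClaim = "second_login_at";

    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, DualControlRequirement requirement)
    {
        // Assumption: the app attached user B as a second ClaimsIdentity.
        var users = context.User.Identities
            .Where(i => i.IsAuthenticated
                     && i.HasClaim(i.RoleClaimType, requirement.EligibleRole))
            .Select(i => i.FindFirst(ClaimTypes.NameIdentifier)?.Value)
            .Where(id => !string.IsNullOrEmpty(id))
            .Distinct(StringComparer.Ordinal)
            .ToList();

        // The same account logging in twice must not satisfy the rule.
        if (users.Count < 2) return Task.CompletedTask;

        // Fail closed when the freshness claim is missing, malformed or stale.
        var stamp = context.User.FindFirst(SecondLoginClaim)?.Value;
        if (!long.TryParse(stamp, out var seconds)) return Task.CompletedTask;
        var age = DateTimeOffset.UtcNow.ToUnixTimeSeconds() - seconds;
        if (age < 0 || age > requirement.MaxAge.TotalSeconds) return Task.CompletedTask;

        context.Succeed(requirement);
        return Task.CompletedTask;
    }
}

// Program.cs wiring (policy name "DualControl" is an assumption):
//   builder.Services.AddSingleton<IAuthorizationHandler, DualControlHandler>();
//   builder.Services.AddAuthorization(o => o.AddPolicy("DualControl", p =>
//       p.AddRequirements(new DualControlRequirement("SuperUserEligible",
//                                                    TimeSpan.FromMinutes(10)))));
// Controller action: [Authorize(Policy = "DualControl")]
```

The policy is only as trustworthy as the sign-in code that issues the second identity and the freshness claim, so that code should run server-side and log both user identifiers for every approved action.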