We leverage ADFS 2.0 internally for our single/simplified sign on services. In a couple of cases, our internal business doesn't want true SSO (no prompting for ID and password) but rather that the user hits a "landing" page where they enter their credentials. What they want is the ability for the user to leverage their normal domain id and password.
What I know how to do is set such a page up and have the code validate that the user id and password combination are valid and then just run a navigateurl command to the idpInitiatedSignon.aspx.
This is fundamentally flawed though. For example, say I walk over to someone's computer who is logged in and who does NOT have access to the SSO enabled application and enter my credentials (since I do have access). The app will validate my creds, but when it goes to navigate to the URL, it is still running under the context of the currently logged on user who doesn't have access.
How do I take a set of credentials, validate them, and then "pass" them to the browsing session that is hitting ADFS?