There is a asp.net core web app on a local server, that uses windows authentication, users can connect to it and perform actions.
Now I want to prompt the user for a password, as a confirmation for a specific action. At this point the user is already authenticated, I just want an additional confirmation, is there a way to compare the prompted value to the password that they use to sign in to their windows account?
Note: What would I have to consider and perhaps is there a better way to handle something like this?
No, you can't get access to the raw password for comparison. Windows auth is not a great fit for dynamic prompts, most flows that do this are based on cookies. Windows auth provides credentials on every request, so it's up to the client/browser to prompt only when required. The average client is never prompted, it uses the current user's credentials.