How do I re-authenticate a user in an ASP.NET MVC 3 Intranet application?

The application is already using Windows integrated security, not Forms. What I am trying to accomplish is a so called "step-up" authentication, or "force re-authentication" for the following scenario:

1. the user is browsing the site doing common, trivial stuff
2. suddenly, the user has to do a sensitive action such as authorizing a resource allocation or confirming a car loan or something similar
3. the user is prompted for the credential before (s)he's redirected to the sensitive page, in a manner similar to SharePoint's "Sign In as a Different User"
4. if, and only if, the credentials entered are the same as for the currently logged-in user the application proceeds to the sensitive area.

This would prevent the following two issues:

1. The user goes for a meeting or a coffee and forgets to lock the workstation and a colleague uses the session to access the sensitive area
2. The user enters the credentials of his or her boss (because, let's say he peeked over the boss' shoulder) to access the sensitive area.

I know, some would look at this as "being paranoid", but also some would say it's common sense and should be build in a framework somewhere (jQuery or .NET)

Have the form send the credentials along with the request to perform the action, i.e., some actions require that you provide username/password. Use the PrincipalContext ValidateCredentials method to ensure that the proper credentials have been entered and check that the username supplied matches the current username in the User.Identity object.

public ActionResult SensitiveAction( SensitiveModel model, string username, string password )
{
    using (var context = new PrincipalContext(ContextType.Domain))
    {
         if (!string.Equals(this.User.Identity.Name,username,StringComparison.OrdinalIgnoreCase)
             || !context.ValidateCredentials(username,password))
         {
              return View("PermissionDenied");
         }
    }

    ...
}