stackoom
  简体   繁体   中英

Impersonation using ASP.NET Membership Provider

 原文  2009-12-02 15:54:28       asp.net/ .net/ asp.net-membership/ impersonation

Question

I have a custom membership/roles provider, due to the nature of the project it will require admins to login as users while assisting them with queries.

Now, Its easy to re-log the admin in with the selected membership account, however this means that the admin will effectively be logged out. I'm looking for a way to allow admins to impersonate users yet very easily switch back to there own account at any time.

Any suggestions?

1 answers

solution1
 0  2009-12-02 16:03:41

This should be the sort of thing you want.

You can call the ImpersonateValidUser method with the username and password of the domain account you want. And then reverse it on the logout.

You should be able to bend this to work with your custom membership provider. 

// Constants for impersonation
private WindowsImpersonationContext impersonationContext;
public const int LOGON32_LOGON_INTERACTIVE = 2;
public const int LOGON32_PROVIDER_DEFAULT = 0;

/// <summary>
/// Changes the account we are running under. 
/// </summary>
/// <param name="username">Username of a local admin account</param>
/// <param name="domain">Domain of the username</param>
/// <param name="password">Password of a local admin account</param>
/// <returns></returns>
private bool ImpersonateValidUser(String username, String domain, String password)
{
    WindowsIdentity tempWindowsIdentity;
    IntPtr token = IntPtr.Zero;
    IntPtr tokenDuplicate = IntPtr.Zero;

    if (RevertToSelf())
    {
        if (LogonUserA(username, domain, password, LOGON32_LOGON_INTERACTIVE,
            LOGON32_PROVIDER_DEFAULT, ref token) != 0)
        {
            if (DuplicateToken(token, 2, ref tokenDuplicate) != 0)
            {
                tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
                impersonationContext = tempWindowsIdentity.Impersonate();
                if (impersonationContext != null)
                {
                    CloseHandle(token);
                    CloseHandle(tokenDuplicate);
                    return true;
                }
            }
        }
    }
    if (token != IntPtr.Zero)
        CloseHandle(token);
    if (tokenDuplicate != IntPtr.Zero)
        CloseHandle(tokenDuplicate);
    return false;
}

/// <summary>
/// Cancel the impersonation and revent the thread to the
/// default account. Typically DOMAIN\NETWORK_SERVICE or similar.
/// </summary>
private void UndoImpersonation()
{
    impersonationContext.Undo();
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question membership provider in asp.net 4 Is *not* using the asp.net membership provider a bad idea? Forgot password using ASP.Net membership provider? using asp.net membership provider how to check if the user is registered or not? SSO using CAS with ASP.NET membership provider backend Using ASP.NET Membership provider (No login logic?) Using Microsoft Membership Provider Outside of ASP.NET Using the string resources of ASP.NET membership provider in a custom control Using ASP.NET Membership Provider authentincation in a WCF service Using SQL server 2008 for ASP.net 2.0 Membership provider
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM