Is it possible to simulate the experience of a unique user through code in a c# ASP.net web application?
Question
we have an ASP.net web application running on IIS7. We have multiple users, but we don't always know their password. Here's what we'd like to be able to do:
Login as some sort of administrator, be presented with our current list of users, click some sort of "Run as John Doe user", at which point we'd be able to see the application (or certain pages) as that user.
We're looking to do this in a support/debugging capacity. I've looked into ASP.net's Impersonation, but that doesn't seem to apply here.
Any help/advice is appreciated. If I'm living in a dream world, please let me know.
1 answers
solution1
2 ACCPTED 2011-03-07 20:14:03
If you are using forms authentication all you need to do is to emit an authentication cookie with the username of the user you are trying to impersonate:
// Need to be signed as administrator in order to be
// able to impersonate
if (User.IsInRole("Administrator"))
{
FormsAuthentication.SetAuthCookie("johndoe", false);
}
and on the next request you will be John Doe . You could also store some value in the session to indicate that this is an administrator acting on behalf of John Doe if you ever needed this information.
If you are using Windows NTLM authentication I don't think this is possible (please correct me if I am wrong).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.