Changing logged in user from a drop-down list for role testing

Question

Authentication is set to Windows and roleManager is using AspNetWindowsTokenRoleProvider. This is an intranet application.

I've created a couple of different test accounts (local to the web server) to test the different roles of the application. Each user belongs to a different local group, and each group is a different role in the application. I would like to provide a selection option for the user to switch between the accounts.

Ideally I would like a drop-down box on the web page with the following types of options for the user to select:

• WindowsUser (User currently logged into windows or challenge for username/password if this can't be figured out)
• TestUserForRole1
• TestUserForRole2
• TestUserForRole3

If this is not possible, the next best thing would be to prompt the user to enter in a username/password and authenticate them on the server to establish a new sessions with the provided credentials. What are my options? Thanks.

Answer 1

I think I figured this one out. My solution is to set a cookie with the selection of the drop-down box and refresh the page. Read the cookie value on Application_AuthenticateRequest event and replace the HttpContext.User with the requested user if needed. Here's the code:

Select the user like this:

<select id="LoginUser" name="LoginUser" onchange="ChangeLoginUser(this)">
    <option value="NONE">-- Change User --</option>
    <option value="">Windows User</option>
    <option value="UserOne">User One</option>
    <option value="UserTwo">User Two</option>
</select>

Handle the user selection with javascript ( AppPath reference )

function ChangeLoginUser(sel) {
    var selectedUser = sel.options[sel.selectedIndex].value;
    if (selectedUser == "NONE") return;
    $.cookie("LoginUser", selectedUser, { path: AppPath });
    location.reload(true); //refresh
}

Override currently logged in windows user with selection:

protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    OverrideLoginUser();
}

private void OverrideLoginUser()
{
    HttpCookie authCookie = Context.Request.Cookies["LoginUser"];
    if (authCookie == null || string.IsNullOrWhiteSpace(authCookie.Value))
        return; //regular authentication

    if (User != null && User.Username().Equals(authCookie.Value))
        return; //already set

    Context.User = GetTestUser(authCookie.Value);
}

private WindowsPrincipal GetTestUser(string user)
{
    WindowsPrincipal testuser = null;
    IntPtr hToken;                
    if (WinSec.LogonUser(user, "", "ThePassword", // all users have the same password
        (int)LogonType.LOGON32_LOGON_INTERACTIVE, (int)LogonProvider.LOGON32_PROVIDER_DEFAULT, out hToken))
    {
        testuser = new WindowsPrincipal(new WindowsIdentity(hToken, "WindowsAuthentication"));
        }
        if (hToken != IntPtr.Zero) WinSec.CloseHandle(hToken);
    }

    if (testuser == null)
        throw new Exception("Error getting test user");

    return testuser;
}

Username() extension

public static string Username(this IPrincipal user)
{
    var name = user.Identity.Name;
    //remove domain name
    name = Regex.Replace(name, ".*\\\\(.*)", "$1", RegexOptions.None);
    return name;
}

UserLogon function needs to be made available by the following class

/// <summary>
/// http://pinvoke.net/default.aspx/advapi32.LogonUser
/// </summary>
public class WinSec
{
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool LogonUser(
        string lpszUsername,
        string lpszDomain,
        string lpszPassword,
        int dwLogonType,
        int dwLogonProvider,
        out IntPtr phToken
    );

    [DllImport("advapi32.dll", SetLastError = true)]
    public extern static bool DuplicateToken(IntPtr ExistingTokenHandle, int SECURITY_IMPERSONATION_LEVEL, out IntPtr DuplicateTokenHandle);

    [DllImport("kernel32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    public static extern bool CloseHandle(IntPtr hObject);
}

public enum LogonType
{
    /// <summary>
    /// This logon type is intended for users who will be interactively using the computer, such as a user being logged on  
    /// by a terminal server, remote shell, or similar process.
    /// This logon type has the additional expense of caching logon information for disconnected operations; 
    /// therefore, it is inappropriate for some client/server applications,
    /// such as a mail server.
    /// </summary>
    LOGON32_LOGON_INTERACTIVE = 2,

    /// <summary>
    /// This logon type is intended for high performance servers to authenticate plaintext passwords.

    /// The LogonUser function does not cache credentials for this logon type.
    /// </summary>
    LOGON32_LOGON_NETWORK = 3,

    /// <summary>
    /// This logon type is intended for batch servers, where processes may be executing on behalf of a user without 
    /// their direct intervention. This type is also for higher performance servers that process many plaintext
    /// authentication attempts at a time, such as mail or Web servers. 
    /// The LogonUser function does not cache credentials for this logon type.
    /// </summary>
    LOGON32_LOGON_BATCH = 4,

    /// <summary>
    /// Indicates a service-type logon. The account provided must have the service privilege enabled. 
    /// </summary>
    LOGON32_LOGON_SERVICE = 5,

    /// <summary>
    /// This logon type is for GINA DLLs that log on users who will be interactively using the computer. 
    /// This logon type can generate a unique audit record that shows when the workstation was unlocked. 
    /// </summary>
    LOGON32_LOGON_UNLOCK = 7,

    /// <summary>
    /// This logon type preserves the name and password in the authentication package, which allows the server to make 
    /// connections to other network servers while impersonating the client. A server can accept plaintext credentials 
    /// from a client, call LogonUser, verify that the user can access the system across the network, and still 
    /// communicate with other servers.
    /// NOTE: Windows NT:  This value is not supported. 
    /// </summary>
    LOGON32_LOGON_NETWORK_CLEARTEXT = 8,

    /// <summary>
    /// This logon type allows the caller to clone its current token and specify new credentials for outbound connections.
    /// The new logon session has the same local identifier but uses different credentials for other network connections. 
    /// NOTE: This logon type is supported only by the LOGON32_PROVIDER_WINNT50 logon provider.
    /// NOTE: Windows NT:  This value is not supported. 
    /// </summary>
    LOGON32_LOGON_NEW_CREDENTIALS = 9,
}

public enum LogonProvider
{
    /// <summary>
    /// Use the standard logon provider for the system. 
    /// The default security provider is negotiate, unless you pass NULL for the domain name and the user name 
    /// is not in UPN format. In this case, the default provider is NTLM. 
    /// NOTE: Windows 2000/NT:   The default security provider is NTLM.
    /// </summary>
    LOGON32_PROVIDER_DEFAULT = 0,
    LOGON32_PROVIDER_WINNT35 = 1,
    LOGON32_PROVIDER_WINNT40 = 2,
    LOGON32_PROVIDER_WINNT50 = 3
}

public enum SecurityImpersonationLevel
{
    /// <summary>
    /// The server process cannot obtain identification information about the client, 
    /// and it cannot impersonate the client. It is defined with no value given, and thus, 
    /// by ANSI C rules, defaults to a value of zero. 
    /// </summary>
    SecurityAnonymous = 0,

    /// <summary>
    /// The server process can obtain information about the client, such as security identifiers and privileges, 
    /// but it cannot impersonate the client. This is useful for servers that export their own objects, 
    /// for example, database products that export tables and views. 
    /// Using the retrieved client-security information, the server can make access-validation decisions without 
    /// being able to use other services that are using the client's security context. 
    /// </summary>
    SecurityIdentification = 1,

    /// <summary>
    /// The server process can impersonate the client's security context on its local system. 
    /// The server cannot impersonate the client on remote systems. 
    /// </summary>
    SecurityImpersonation = 2,

    /// <summary>
    /// The server process can impersonate the client's security context on remote systems. 
    /// NOTE: Windows NT:  This impersonation level is not supported.
    /// </summary>
    SecurityDelegation = 3,
}