Geek Answers Handbook

Pretending to be ASP.NET Membership

In a general asp.net website with Membership , Roles and hashed passwords, I would like to provide impersonation administrators so that they can view the website as this user. The website should function as if this user is logged in and then can return to his login.

What is the best approach to achieve this?

Usage example: A website with two types of users: Buyer and Administrator. There is a Buy button on the website to buy something specifically provided to the user by the administrators. that is, only that buyer can use the buy button and make a payment. The user has problems, so the support administrator can "impersonate the user" and buy it on their behalf or "see" the problems they are facing.

Without impersonation, the only way is to resolve this in the code and that denies the goal of "seeing the user's problem." Even if I did not use hashed passwords and used FormsAuthentication.SignOut() and manually logged in to admin as a user.

I hope I understand the meaning above.

+7
source share
2 answers

Take a look at this example at codeproject.com. I think he does what you are looking for.

+6
source

I don't have the code that we used for this in front of me (an assignment from a few years ago), but there are bits in the membership API to sign someone into using the code. Unfortunately, I will not have access to the code until this weekend, otherwise I could quickly split the bit and do it.

I remember that at first you had to get the user as a membership using the Membership class. I am not sure from now on whether you need to check the provider or what. We used a custom provider, but I forget if this is related to this solution.

Regardless, check the security bits, focusing on membership and membership.

+1
source

More articles:


All Articles