سالار ربال سالار ربال
پیاده‌سازی فرآیند Impersonation در ASP.NET Core
200, OK
https://tech.trailmax.info/2017/07/user-impersonation-in-asp-net-core/ icon
مشاهده مطلب اصلی

Impersonation Process

Impersonation is when an admin user is logged in with the same privileges as a user, but without knowing their password or other credentials. I’ve used this in couple applications and it was invaluable for support cases and debugging user permissions.  

[Authorize(Roles = "Admin")] // <-- Make sure only admins can access this 
public async Task<IActionResult> ImpersonateUser(String userId)
{
    var currentUserId = User.GetUserId();

    var impersonatedUser = await _userManager.FindByIdAsync(userId);

    var userPrincipal = await _signInManager.CreateUserPrincipalAsync(impersonatedUser);

    userPrincipal.Identities.First().AddClaim(new Claim("OriginalUserId", currentUserId));
    userPrincipal.Identities.First().AddClaim(new Claim("IsImpersonating", "true"));

    // sign out the current user
    await _signInManager.SignOutAsync();

    await HttpContext.Authentication.SignInAsync(cookieOptions.ApplicationCookieAuthenticationScheme, userPrincipal);

    return RedirectToAction("Index", "Home");
}


پیاده‌سازی فرآیند Impersonation در ASP.NET Core
‫۵ سال قبل، دوشنبه ۲۵ شهریور ۱۳۹۸، ساعت ۰۳:۵۹
۸۴
۱
SecurityAuthenticationAuthorizationASP.NET Core
مطالب مشابه