Hi,

I am currently trying to figure out how to best go about implementing an administration side for my application.

I have a user site, where users can log in, customize their profile, submit information etc. I would like administration users to be able to log in and be able to choose from a list of users. From there, the administrator can submit information for the user just like the user can.

Website Start Page > RogerRabbit > Submit Information
Website Start Page > BillyBob > Customize Profile

So my question is:

  1. How should my pages be laid out?
  2. How should the Web.sitemap file look? Is there a nice way of creating a sitemap (maybe in memory?)
  3. Would this method have to use session variables?

Any suggestions, or tips would be great.

A: 

I dunno Mike... that's a broad set of questions there. Kinda like asking "how do I build a web site in asp.net".

It sounds very much like you need to invest in an introductory "how-to asp.net book" that covers these topic areas. The good news is that just about every beginner to intermediate asp.net book ever written probably hits most of these topic areas.

would like administration users to be able to log in and be able to choose from a list of users. From there, the administrator can submit information for the user just like the user can.

This is a kind of impersonation... and is a lot harder than it sounds. But how you do this depends on how your application authenticates users, authorizes users, and manages roles... which is a whole sub-specialty within asp.net (with its own dedicated books actually).

1) How should my pages be laid out?

Carefully?

2) How should the Web.sitemap file look? Is there a nice way of creating a sitemap (maybe in memory?)

This is covered on MSDN quite thoroughly. Yes, you can create your sitemaps in memory. I've created sitemaps from data stored in a SQL DB a few times in the past, but I'd have no idea where to even start to explain it. You have to understand the base classes and interfaces used by sitemaps and then make a custom sitemap provider adapted to working with your data and rules for the site's structure.

3) Would this method have to use session variables?

Probably. Most sites with an awareness of "logged in user" need sessions. Not universally true, but nearly so.

Stephen M. Redd
A: 

I can't answer your sitemap question but I have implemented a solution like this on one of our systems where I can see exactly what the end user is seeing by impersonating them. I did this mainly for troubleshooting purposes so that when they report a problem to me (such as something missing from their view), I can go in as them and see exactly what they are talking about.

The way I did this, which is admittedly a little crude, was to have an impersonation table in my database which contains the logon name of the user who is doing the impersonating and the logon of the user they wish to impersonate.

I added some override code so that when the user first goes to the page (it uses Windows authentication), it will check to see if that user has an impersonation set in the table and then place this user id in an object in the session state. If there was no impersonation, it would place the actual user id in this same object.

To prevent me from doing things to the user's data as them, there are two properties in this object, one for logon_name, which is what is used by the system for content-customization, and another called NameForLog, which is used when logging any actions. All actions I make will be logged as me.

All areas on the site that display user-customized content look at this session object, so they will always use the impersonated ID and therefore always show me what the user is seeing. Beyond the first page and the logging code, it doesn't even know that it is me it is dealing with.

It isn't the cleanest solution, but it has worked well for me.

hermiod
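
The session-object design described in the answer above, sketched in C# as an added example (it is not hermiod's code): the identity used for content customization can be swapped, while the name written to the log always stays the authenticated user. The class names, the in-memory dictionary standing in for the impersonation table, the admin allow-list check and the sample logons are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Object kept in session state, with the two properties the answer describes.
public sealed class EffectiveIdentity
{
    public string LogonName { get; }   // drives content customization; may be the impersonated user
    public string NameForLog { get; }  // always the authenticated user; used for every log entry
    public bool IsImpersonating => !string.Equals(LogonName, NameForLog, StringComparison.OrdinalIgnoreCase);
    public EffectiveIdentity(string logonName, string nameForLog)
    { LogonName = logonName; NameForLog = nameForLog; }
}

public static class ImpersonationResolver
{
    // table: impersonator logon -> target logon (stands in for the database table).
    // admins: logons allowed to impersonate (assumption; the answer does not describe this check).
    public static EffectiveIdentity Resolve(string authenticatedLogon,
        IDictionary<string, string> table, ISet<string> admins)
    {
        if (admins.Contains(authenticatedLogon)
            && table.TryGetValue(authenticatedLogon, out var target))
            return new EffectiveIdentity(target, authenticatedLogon);
        return new EffectiveIdentity(authenticatedLogon, authenticatedLogon);
    }

    // Log entries name the real actor and, when impersonating, whose view was used.
    public static string AuditLine(EffectiveIdentity id, string action) =>
        id.IsImpersonating
            ? $"{id.NameForLog} (viewing as {id.LogonName}): {action}"
            : $"{id.NameForLog}: {action}";
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data; the logon names are made up.
        var cmp = StringComparer.OrdinalIgnoreCase;
        var table = new Dictionary<string, string>(cmp)
        {
            ["CORP\\helpdesk1"] = "CORP\\rrabbit",
            ["CORP\\bbob"] = "CORP\\rrabbit"   // row for a non-admin: must be ignored
        };
        var admins = new HashSet<string>(cmp) { "CORP\\helpdesk1" };
        foreach (var logon in new[] { "CORP\\helpdesk1", "CORP\\bbob", "CORP\\rrabbit" })
            Console.WriteLine(ImpersonationResolver.AuditLine(
                ImpersonationResolver.Resolve(logon, table, admins), "opened Customize Profile"));
    }
}
```

Only the first line of output shows an impersonated view; the row for the non-admin logon is ignored because the role check runs before the table lookup is honored.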