tags:

views:

746

answers:

3
+2  Q: 

User impersonation with ASP.NET Forms Authentication

Scenario: In an e-commerce system, a helpdesk user should be able to "impersonate" or "log on as" a specific customer (from the web-based administration site) so that he can support the customer first-hand - eg. when the Customer is on the phone.

Additional clarification: There is no need to keep track of the original authentication context. We simply need to provide a "Log on as" button that will log on as the customer without the helpdesk user needing to know the password.

Any ideas how this scenario could be implemented using regular ASP.NET Forms Authentication?

+2  A: 

Maybee I don't understand the scenario exactly. But why not let the support login as the user?

FormsAuthentication.SetAuthCookie("yourCustomersUserName");

Then it will be up to the e-commerce system to have an updated "cart" or whatever so the support can help..

ullmark  2009-02-14 12:17:10
You could just take the username from a textbox that the support guy types in the username?
ullmark  2009-02-14 12:19:45
Thanks, will try that!
JacobE  2009-02-14 12:19:47
Does the session automatically switch when the auth cookie changes?
JacobE  2009-02-14 12:21:18
A: 

I dont think this works

 2009-06-11 12:26:25
+1  A: 

I was able to get this to work, assuming you've got a user already logged in, you can impersonate another user with the below code.

FormsAuthentication.SignOut();

FormsAuthentication.SetAuthCookie("username", true );
Joel Tipke  2009-08-17 21:44:31

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps