I'm working on a web application that uses the ASP.NET 2.0 Membership and Roles providers with Forms Authentication. There are various roles in the system. I need to have a user role that is essentially a super-user that can "login" as any user account (in effect impersonating the user).
Does anyone know if this is possible using the providers? Any ideas?
One approach I was thinking of was to logout the super-user and sign them in as the desired user with
FormsAuthentication.SetAuthCookie(username, false);
And adding a variable to their Session to flag them as a super-user. I think this would work, but I was just wondering if there's a smarter way to do it without directly using the Session object?