c# - ASP.NET Implementing "Act As" functionality when using Windows Authentication and Custom Role Provider -

-

i'm trying implement "act as" functionality asp.net application while @ same time using windows authentication , custom role provider. want able is:

  • use windows auth current user's domain account verify approved domain user
  • use custom role provider permission information sql server database.
  • implement functionality allow admins of application able "act as" user, without requiring them log application user.

the scenario i'm trying fulfill application admin attempting assist user problem , clicks "act as" button act user , see application see it. role provider need understand current user acting else , permissions information user instead of current user.

my plan implement impersonation feature delete roles cookie , add value session variable indicating user impersonating user. session not populated @ time authorization occurs however, isn't possible. don't want use cookies don't want cause potentially persistent state on admins machine (such admin couldn't open window app , either act user or view own data).

i can't find way (without cookies) save "acting user..." information given session unavailable. i'd use role provider, etc., can leverage built in security trimming in .net. may impossible, i'm hoping out there has either tried before or has suggestion can attempt implement.

thanks in advance!!

see answer similar question here

the gist of is:

the way did this, admittedly little crude, have impersonation table in database contains logon name of user doing impersonating , logon of user wish impersonate.

i added override code when user first goes page (it uses windows authentication), check see if user has impersonation set in table , place user id in object in session state. if there no impersonation, place actual user id in same object.

to prevent me doing things user's data them, there 2 properties in object, 1 logon_name, used system content-customization, , called nameforlog, used when logging actions. actions make logged me.

all areas on site display user-customized content @ session object, use impersonated id , therefore show me user seeing. beyond first page , logging code, doesn't know me dealing with.

for scenario, implement roles provider , override getrolesforuser return roles impersonated user plus role allow impersonating user access impersonation functionality purposes of turning off.

you return impersonated user's roles impersonating user's roles in order give admin user access of own features user impersonating, depends how affect usefulness of feature in particular scenario.


Comments

Post a Comment

Popular posts from this blog

django - How can I change user group without delete record -

-
on website user have 1 group. , user can change group. it's made user.groups.clear() and user.groups.add(new_group) but it's not efficient, because there 2 sql query: delete, insert. how can change group update query? user , group related each other using manytomanyfield . means intersection table exists relating both entities, , if don't specify model map (using through attribute) django creates 1 you. looking @ sources django.contrib.auth.models see that's case. fortunatly, can access intermediary model using through attribute of manager (in case, user.groups.through ). can use regular model. example: >>> alice = user.objects.create_user('alice', 'alice@example.com', 'alicepw') >>> employee = group.objects.create(name='employee') >>> manager = group.objects.create(name='manager') >>> alice.groups.add(employee) >>> alice.groups.all() [<group: employee...
Read more

java - Need to add SOAP security token -

-
i need set custom soap header attribute on jax-ws generated webservice client. case webservice calls must go through proxy server requiring specific token (recieved web request header) present in soap request header. e.g.: 1 carserviceservice service = null; 2 service = new carserviceservice(new url(url), new qname(qname); 3 carserviceendpoint port = service.getcarserviceport(); it seems in line 3 wsdl retrieved , call fails due missing security token. 1 point direction on how done? a detailed example has been mentioned here: creating , deploying jax-ws web service on tomcat 6 this article shows how create , use security token .
Read more

java - EclipseLink JPA Object is not a known entity type -

-
i have strange problem eclipselink , object want persist. have 1 object (keypointlistimpl) stores object keypointimpl in list. persisting keypointimpl objects works great if try persist keypointlistimpl object java.lang.illegalargumentexception says object keypointimpl isn't known entity type. here keypointimpl code: @entity @table(name="keypoints") public class keypointimpl implements keypoint { @id @generatedvalue(strategy = generationtype.identity) private int id; @enumerated(enumtype.string) private detectortype keypointtype; private float x; private float y; private float size; private float angle; private float response; private int octave; private int classid; ... } here keypointlistimpl code: @entity @table(name="keypointlists") public class keypointlistimpl implements keypointlist { @id @generatedvalue(strategy = generationtype.identity) private int id; @onetoone(cascade={ca...
Read more