开发者

ASP.NET Authenticate as someone else

开发者 https://www.devze.com 2023-02-11 20:54 出处：网络

I am about to develop an ASP.NET MVC开发者_Go百科 3 site where there will be two different kinds of users: Global Administrator and Local Administrator.

相关专题：asp.net-membership asp.net-mvc-3 security

I am about to develop an ASP.NET MVC开发者_Go百科 3 site where there will be two different kinds of users: Global Administrator and Local Administrator.

A local administrator can administrate his own data. The global administrator can select a local administrator and sort-of "simulate" being that user. By this, I mean that he shoud preferably be able to see the same views etc.

What are your thoughts on how this behavior could be implemented?

Best Regards Kenneth

If you are using forms authentication you could impersonate any user:

[Authorize(Roles = "admin")]
public ActionResult BecomeGlobalAdmin()
{
    FormsAuthentication.SetAuthCookie("globaladmin", false);
    return RedirectToAction("index");
}

You might also want to store some information into the session which would indicate that the user is in fact an administrator but acting as a global administrator (if you need such functionality).