I have an intranet project written in MVC 4 which uses Windows Authentication to authorise and authenticate users.
I need to add a 'Login as another user' functionality.
After some searching I found this solution which suggests returning a 401, and created the following Action (which is called using a form):
//
// POST: /Home/LogOut
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult LogOut()
{
return new HttpUnauthorizedResult();
}
The Action gets called, and the browser pops up a username and password window, however as the result redirects back to the Action, a 401 is always returned.
How do I redirect the user back to the previous action, once they have logged in with the new credentials?
Is there a way to invalidate the credentials on the server side instead of just returning a 401?
For me, working this:
And in html
This method will always log the user out and redirect to the home page. I also added
[AllowAnonymous]
to make sure everybody can access this method.People reverse engineered\decompiled some code from Sharepoint that happens to have this feature.
I tested it in an
ASP.NET MVC 5
app and it's working as expected.Source:
Force Sign in as a different user while using Windows Authentication in asp.net