I have a Razor site I made with full login/registration and Admin roles with WebMatrix. And a requirement is for the administrator to be able to "Login as an existing user" in order to be able to add to, edit, cancel and/or confirm new orders for that particular user he is logged in as.
I know this is not the most common way of approaching this, but I have seen it done a lot. I currently own a domain reselling business and my supplier uses this type of feature where it lets me login as a user to credit their account, etc.
So, I've been told that FormsAuthentication would work well for this in C#. So I checked out:
http://msdn.microsoft.com/en-us/library/twk5762b.aspx
Which leads me to ask:
What?
And...
By "username", they mean the e-mail address that's created when that user registered? Or do they mean the UserId, which is an INT?
And, is it really as simple as doing this?:
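@{
    // Only administrators may switch to a client's identity.
    if (Roles.IsUserInRole("Administrator"))
    {
        // Issue a forms-authentication cookie for the client's username.
        FormsAuthentication.SetAuthCookie(
            "ClientsUserNameHere",
            true   // createPersistentCookie
        );
    }
    else
    {
        Response.Redirect("~/Account/SignIn");
    }
}
<!DOCTYPE html>
<html>
<head></head>
<body>
    <p>Hello, Administrator, you are currently Signed In as [insert client name here].</p>
</body>
</html>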
Yes, it is really that simple. Well, actually for this to take effect you need to redirect because the page will use the request cookie which still indicates an administrator:
In addition you could store some info into the session indicating that this is an administrator acting as a normal user (if you ever needed to know it) and not the normal user.
You might also take a look at the following article for a more advanced impersonation scenario.
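The switch discussed above, with the redirect and the session marker the answer mentions, could look like the following. This is an added example, not code from either poster; the class, method and session-key names are hypothetical, it assumes the standard Membership and Roles providers are configured, and the "no impersonating other administrators" rule and the audit log line are added safeguards rather than something the thread specifies.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example: names below are hypothetical, not from the original thread.
public static class Impersonation
{
    private const string AdminKey = "ImpersonatingAdmin"; // hypothetical session key

    // Call from an admin-only page. Redirects so the next request carries the new cookie.
    public static void Start(HttpContextBase ctx, string targetUserName)
    {
        string admin = ctx.User.Identity.Name;
        if (!ctx.User.Identity.IsAuthenticated || !Roles.IsUserInRole(admin, "Administrator"))
            throw new UnauthorizedAccessException("Administrator role required.");
        if (Membership.GetUser(targetUserName) == null)
            throw new ArgumentException("Unknown user.", "targetUserName");
        if (Roles.IsUserInRole(targetUserName, "Administrator"))
            throw new InvalidOperationException("Administrators cannot be impersonated.");

        ctx.Session[AdminKey] = admin;                            // who is really acting
        FormsAuthentication.SetAuthCookie(targetUserName, false); // non-persistent cookie
        Log("start", admin, targetUserName);
        ctx.Response.Redirect("~/");
    }

    // Returns the real administrator's name while impersonating, otherwise null.
    public static string ActingAdmin(HttpContextBase ctx)
    {
        return ctx.Session[AdminKey] as string;
    }

    // Restores the administrator's own identity.
    public static void Stop(HttpContextBase ctx)
    {
        string admin = ActingAdmin(ctx);
        if (admin == null) return;                        // not impersonating
        string client = ctx.User.Identity.Name;
        ctx.Session.Remove(AdminKey);
        FormsAuthentication.SetAuthCookie(admin, false);
        Log("stop", admin, client);
        ctx.Response.Redirect("~/");
    }

    private static void Log(string action, string admin, string client)
    {
        System.Diagnostics.Trace.TraceInformation(
            "{0:o} impersonation {1}: admin '{2}' as '{3}'", DateTime.UtcNow, action, admin, client);
    }
}
```

Order and account changes made while `ActingAdmin` returns a name can record that name alongside the client's, so the audit trail shows who actually performed them.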