ASP.NET Core身份模拟特定用户 [英] ASP.NET Core Identity impersonate specific user
问题描述
假设我扮演以下角色:
-
Admin
Admin
User
我想让Admin角色模拟具有User角色的特定用户帐户,但不知道
I want Admin role to impersonate specific user account with User role, but without knowing that specific user account's password.
管理员应该能够从应用程序中模拟任何用户,并能够以用户本人的身份浏览应用程序。
我找到了一个链接实际上是在ASP.NET MVC 4.6中实现的,但是在将其转换为Core版本时有些头疼。
Admin should be able to impersonate any user from the application and be able to browse the application as the user himself. I found a link where this is actually implemented in ASP.NET MVC 4.6, but having a little headaches while converting this to Core version.
主要是因为最后一行代码在链接
Mostly because of the last line of code in the link
authenticationManager.SignIn(new AuthenticationProperties()
{ IsPersistent = false }, impersonatedIdentity);
其中.NET Core中的 SignIn 参数可以不允许再传递 IdentityResult 类(impersonatedIdentity)。现在只能使用 ClaimsPrincipal 。
where SignIn parameter in .NET Core does not allow IdentityResult class (impersonatedIdentity) to be passed anymore. It can now only take ClaimsPrincipal.
所以我最终要做的是
public async Task<IActionResult> ImpersonateUserAsync(string userName)
{
var impersonatedUser = await _userManager.FindByNameAsync(userName);
var claims = new List<Claim> {
new Claim(ClaimTypes.Name, impersonatedUser.FirstName, ClaimValueTypes.String),
new Claim(ClaimTypes.Surname, impersonatedUser.LastName, ClaimValueTypes.String),
new Claim(ClaimTypes.Email, impersonatedUser.Email, ClaimValueTypes.String)
};
var user = new ClaimsPrincipal(new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme));
var authenticationManager = _httpContextAccessor.HttpContext.Authentication;
await authenticationManager.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
await authenticationManager.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, user, new AuthenticationProperties() { IsPersistent = false });
return RedirectToAction("Index", "Home");
}
我填充了必要的索赔,并将其传递给 ClaimsPrincipal ,因此 SignInAsync 现在可以容纳 var个用户。
但是,这似乎并没有真正登录,我是在 AspNetUsers 表中找到的用户,该用户具有以前由Admin角色分配的角色和特权。老实说,我期望上面的代码至少以我在 var Claims 中定义的名称和姓氏登录,但实际上我仍然以重定向到索引页面后,您将成为管理员帐户。
I populated necessary claims and passed it to ClaimsPrincipal so SignInAsync can now take var user.
However, this seems like I am not actually logging in as the user found in AspNetUsers table who has the role and privileges previously assigned by the Admin role. To be honest, I was expecting above code to at least sign-in as the Name and Surname I defined in var claims, but in fact I am still logged-in as the admin account after I'm redirected to Index page.
要登录为<$ c中定义的用户帐户,我需要采取哪些适当的步骤? $ c> AspNetUsers 表,以便管理员能够以用户本人的身份浏览应用程序?
What are the proper steps I need to take in order to sign-in as the user account defined in AspNetUsers table so the Admin would be able to browse the application as the user himself?
推荐答案
在Asp.Net Core中有一篇关于模拟的博客文章 HERE 。我只是在寻找这样的解决方案,所以我还没有尝试实现它。但是,看来您在正确的道路上。您的代码和Max的代码之间只有细微的差别。
There is a blog post about impersonation in Asp.Net Core HERE. I am just searching for such a solution, so I have not tried implementing it yet. However it seems you are on the right track. There are only slight differences between your code and Max's.
基本上,您需要在浏览器端替换cookie。因此,对于下一个请求,服务器认为其他人已登录。至少到目前为止,这是我所了解的。这就是为什么您最好也将原始身份保存在Cookie中的原因,因此您可以在需要时切换回原始用户。
Basically you need to replace the cookie at the browser side. So, for the next request the server "thinks" its someone else logged in. At least that's what I understood so far. This is why you better save the original identity in the cookie as well, thus you could switch back to the original user when needed.
工作后我会回来解决方案。
I get back when I have a working solutions anyway.
这篇关于ASP.NET Core身份模拟特定用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
