Stuck with lack of information when trying to implement a feature for user impersonation with .Net Core's Identity. I am trying to make this ASP.NET MVC 4.6 code work in ASP.NET Core, but faced with some lines of codes which .NET Core no longer supports.
So below is the original 4.6 code to pass in userName and sign-in as the user.
public async Task ImpersonateUserAsync(string userName)
{
var context = HttpContext.Current;
var originalUsername = context.User.Identity.Name;
var impersonatedUser = await userManager.FindByNameAsync(userName);
var impersonatedIdentity = await userManager.CreateIdentityAsync(impersonatedUser, DefaultAuthenticationTypes.ApplicationCookie);
impersonatedIdentity.AddClaim(new Claim("UserImpersonation", "true"));
impersonatedIdentity.AddClaim(new Claim("OriginalUsername", originalUsername));
var authenticationManager = context.GetOwinContext().Authentication;
authenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
authenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = false }, impersonatedIdentity);
}
I've made it up to here, but stuck with context.GetOwinContext().Authentication part where I need to sign-out with the current cookie, and sign-in with this new user.
public async Task<IActionResult> ImpersonateUserAsync(string userName)
{
var originalUsername = _httpContextAccessor.HttpContext.User.Identity.Name;
var impersonatedUser = await _userManager.FindByNameAsync(userName);
var impersonatedIdentity = await _userManager.CreateAsync(impersonatedUser);
await _userManager.AddClaimAsync(impersonatedUser, new Claim("UserImpersonation", "true"));
await _userManager.AddClaimAsync(impersonatedUser, new Claim("OriginalUsername", originalUsername));
return RedirectToAction("Index", "Home");
}
Has anyone done with this kind of approach?
Use HttpContext.Authentication.
public async Task<IActionResult> ImpersonateUserAsync(string userName) {
var context = HttpContext; //Property already exists in Controller
var originalUsername = context.User.Identity.Name;
var impersonatedUser = await _userManager.FindByNameAsync(userName);
var impersonatedIdentity = await _userManager.CreateAsync(impersonatedUser);
await _userManager.AddClaimAsync(impersonatedUser, new Claim("UserImpersonation", "true"));
await _userManager.AddClaimAsync(impersonatedUser, new Claim("OriginalUsername", originalUsername));
var authenticationManager = context.Authentication;
var cookie = DefaultAuthenticationTypes.ApplicationCookie;
await authenticationManager.SignOutAsync(cookie);
await authenticationManager.SignInAsync(cookie, impersonatedIdentity,
new AuthenticationProperties() { IsPersistent = false });
return RedirectToAction("Index", "Home");
}
Reference Documentation Using Cookie Middleware without ASP.NET Core Identity