0

I'm designing a system, where the admin will be able to login as a user to fix things on their behalf etc. I'd like it so they have an additional role during this period. Is there any way to add the role in memory or in a way that ends when they logout/close the browser. I could add the role from the admin screen and remove when that user logs in again but it could easily go wrong. Cheers.

This isn't about how to do impersonation. I've got that part working. I'd like to be able to add an additional role to the user but only when they are being impersonated (so there are a few extra diagnostic screens available). I think the person below is answering my question by explaining that when I add a claim, I'm adding it to the the cookie. I was thinking adding this information persisted back to the database. I will try that code tomorrow but I suspect it is the direction I need to go in. This is silly question but have the rules changed recently, I've noticed tonight people being a little enthusiastic to correct grammar etc.

user1102550
  • 543
  • 1
  • 7
  • 24
  • Possible duplicate of [How do I use ASP.NET Identity 2.0 to allow a user to impersonate another user?](https://stackoverflow.com/questions/24161782/how-do-i-use-asp-net-identity-2-0-to-allow-a-user-to-impersonate-another-user) – trailmax Mar 12 '18 at 00:29

1 Answers1

0

ASP.NET Core 2.0 Identity uses claims based authentication. Each role is a claim. Claims are persisted for the session via several means but generally in the application cookie issued when they log in or JWT auth tokens (not in memory).

Using the SignInManager creating a user principal and adding an extra claim should be pretty trivial:

// create the user principal
var principal = await signInManager.CreateUserPrincipalAsync(user);

// add the extra role
principal.Identities.First().AddClaim(new Claim(ClaimTypes.Role, SomeRole));

// issue the application cookie
await HttpContext.SignInAsync(principal)
Peter Riesz
  • 3,091
  • 29
  • 33