9

I'm trying to develop an intranet app/website that uses Windows authentication.

I'd like to test it with multiple users, for roles etc.

At the moment I'm only using my own domain account. Is there a way I could simulate different users for the site?

Leniel Maccaferri
  • 100,159
  • 46
  • 371
  • 480
raklos
  • 28,027
  • 60
  • 183
  • 301

5 Answers5

12

As a picture is worth a thousand words here it goes how to do it in IE based on 2GDev's comment copied here for clarity:

Go to Internet Options => Security => Local Intranet => Custom Level and change the User Authentication to "Prompt for username and password"

enter image description here

Click OK then Apply. Close the browser. Reopen it and point it to the website's URL you want to debug. You should happily see the login prompt where you can login with a different User account to simulate concurrency for example (this is what I'm doing right now here):

enter image description here

Community
  • 1
  • 1
Leniel Maccaferri
  • 100,159
  • 46
  • 371
  • 480
  • 2
    This has the advantage over my answer in that the user account doesn't need to have permission to run on the machine; the credentials should just be for remote authentication and the browser is still running as the original local user. – Paul Turner Oct 02 '13 at 09:17
5

When you use Windows Authentication you can change your identity by running the browser as another user.

In windows, go to the browser exe (or a shortcut), right-click on the icon and select "Run as.." from the menu. This will prompt you to specify the username and password to run the account under.

Provided the identity you specify has access to the machine you are running on, the browser will then be running "as" identity specified. If you browse to a site using Windows Authentication, it will authenticate using the identity specified, instead of your own.

Paul Turner
  • 38,949
  • 15
  • 102
  • 166
2

Use Impersonation...

From MSDN

Impersonation

An ASP.NET application can use impersonation to perform operations and access resources with the security context of the authenticated client or of a specific Windows account.

And in your web.config 

<identity impersonate="true" username="TestUser" password="P@ssw0rd" />
2GDev
  • 2,478
  • 1
  • 20
  • 32
  • I'm assuming they want the clients to impersonate logins, not the intranet itself. – J. Steen Jul 26 '11 at 11:22
  • I think this answer misses the point of the question. Impersonation tells the application to answer any challenges for authorization with the identity of the logged-in user, effectively replacing the identity of the app pool. **It does not allow you to log into the application as a different user.** – Paul Turner Jul 26 '11 at 11:34
  • 1
    you're right... this answer it's incorrect in this case. they can try to change the Logon user on the web browser. on IE go to Internet Options -> Security -> Local Intranet -> Custom Level and change the User Authentication to "Prompt for username and password"... – 2GDev Jul 26 '11 at 12:18
  • @2GDev I added an answer http://stackoverflow.com/a/19129704/114029 to illustrate your comment. Thanks for sharing! It really helped. :) – Leniel Maccaferri Oct 02 '13 at 03:52
0

In my case, there are db tables with users and their properties. In users table got login field (Domain/UserName). Also got custom Identity and Principal, which using this table to authenticate user in global.asax autherticate_request method.

To simulate different users in debug mode, there is special control rendered in master page (or layout page for mvc). It contain select box with all users, and apply button.

On server side after apply button click in session pushed emulated user login and sending refresh to response.

So in next authenticate event occured checking for emulated user login in session and if it exists then authenticate continues based on emulateded login.

Bad side: need sync service to always have actual user table based on current AD.

aleha_84
  • 8,309
  • 2
  • 38
  • 46
0

How about to install and run the Virtual PC with some ready for download installed systems from MS ?

By running a virtual pc on your computer you can emulate connections to your pc and at the same time, its looks like a diferent computer, with diferent Ip.

Aristos
  • 66,005
  • 16
  • 114
  • 150