是否有办法添加主密码,可用于登录使用.NET Identities创建的用户帐户。我希望我们的系统管理员能够轻松登录某个人的帐户,以便他们能够准确查看客户登录后会看到的内容。
一种方法是改变
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
方法,以便检查提供的密码确实是主密码,如果是,请使用提供的电子邮件地址抓取用户,然后正常登录:
await SignInManager.SignInAsync(user, true, model.RememberMe);
这看起来好吗?还有更好的方法吗?
答案 0 :(得分:1)
有一个实际的词:模仿。
这是一个link,它将向您展示如何实现它。
public async Task ImpersonateUserAsync(string userName)
{
var context = HttpContext.Current;
var originalUsername = context.User.Identity.Name;
var impersonatedUser = await userManager.FindByNameAsync(userName);
var impersonatedIdentity = await userManager.CreateIdentityAsync(impersonatedUser, DefaultAuthenticationTypes.ApplicationCookie);
impersonatedIdentity.AddClaim(new Claim("UserImpersonation", "true"));
impersonatedIdentity.AddClaim(new Claim("OriginalUsername", originalUsername));
var authenticationManager = context.GetOwinContext().Authentication;
authenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
authenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = false }, impersonatedIdentity);
}
检测模仿的扩展方法:
public static bool IsImpersonating(this IPrincipal principal)
{
if (principal == null)
{
return false;
}
var claimsPrincipal = principal as ClaimsPrincipal;
if (claimsPrincipal == null)
{
return false;
}
return claimsPrincipal.HasClaim("UserImpersonation", "true");
}
使用上面的代码:
if(HttpContext.Current.User.IsImpersonating())
{
// do my stuff for admins
}
然后回复。
public async Task RevertImpersonationAsync()
{
var context = HttpContext.Current;
if (!HttpContext.Current.User.IsImpersonating())
{
throw new Exception("Unable to remove impersonation because there is no impersonation");
}
var originalUsername = HttpContext.Current.User.GetOriginalUsername();
var originalUser = await userManager.FindByNameAsync(originalUsername);
var impersonatedIdentity = await userManager.CreateIdentityAsync(originalUser, DefaultAuthenticationTypes.ApplicationCookie);
var authenticationManager = context.GetOwinContext().Authentication;
authenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
authenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = false }, impersonatedIdentity);
}
答案 1 :(得分:0)
明确的答案是'对'&#39;这样做的方式我相信。我只想发布另一种有效的方式。这样管理员就可以使用用户的电子邮件地址登录,但是他们会插入&#34; ___&#34;在它面前(这不是真的需要,但我希望管理员必须做一些不同的事情)。然后,他们使用主密码(硬编码到帐户控制器中,应该存储在可以轻松更改的地方)。登录POST方法(在帐户控制器中)然后更改为:
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
if (!ModelState.IsValid)
{
return View(model);
}
if ((model.Password == MasterPassword) && model.Email.StartsWith("___"))
{
var user = UserManager.FindByEmail(model.Email.Replace("___", ""));
if (user != null)
{
await SignInManager.SignInAsync(user, true, model.RememberMe);
return RedirectToLocal(returnUrl);
}
ModelState.AddModelError("", "Invalid login attempt.");
return View(model);
}
else
{
var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);
switch (result)
{
case SignInStatus.Success:
return RedirectToLocal(returnUrl);
case SignInStatus.LockedOut:
return View("Lockout");
case SignInStatus.RequiresVerification:
return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
case SignInStatus.Failure:
default:
ModelState.AddModelError("", "Invalid login attempt.");
return View(model);
}
}
}
不像使用模仿那样光滑,但仍然有效。