Home/ Questions/Q 8159921
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-06T18:04:44+00:00

I have a requirement to implement user privilege elevation in an MVC3 web app,

  • 0

I have a requirement to implement user privilege elevation in an MVC3 web app, for both Forms and Windows authentication, but this question is critical for Windows auth. This is for a higher privileged user to give assistance to a lower privileged user, e.g. when a clerical user is performing a task and requires an admin user to do a task before the clerical user can continue, the admin user should be able to elevate the same session to their privilege level, perform the admin task, and restore the lower privilege to the session. I don’t see a way here without the clerical user logging off and the admin user logging on, given that we want to achieve this on the desktop of the clerical user alone. Maybe user switching is tidier than a whole new session, but I would very much like a “run as” equivalent for Windows authenticated web apps.

Is this even possible, and if so, how can I achieve this? I have no idea where to even begin looking.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You could put an anchor somewhere on your site:

    @Html.ActionLink("elevate to admin", "SwitchToAdmin", "Home")

    and then have a controller action which will allow for inputting the administrator credentials:

    public ActionResult SwitchToAdmin()
{
    // TODO: Adjust the role name that your administrators will have
    if (!User.IsInRole(@"DOMAIN\Administrators"))
    {
        // The user is not currently an admin => popup a Logon box
        // so that the administrator could authenticate himself
        return new HttpUnauthorizedResult();
    }
    else
    {
        // After inputting the correct username and password for the
        // admin, we can now redirect to the home action and start performing
        // the admin tasks
        return RedirectToAction("index", "home");
    }
}

    The revert process will be the inverse. You could have a link which will call a controller action that will throw 401 if the user is an admin allowing for the normal user to enter his username and password.

    • 0