Home/ Questions/Q 6918427
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T09:51:27+00:00

I’m currently implementing a website that require a customer support user to Login as

  • 0

I’m currently implementing a website that require a “customer support” user to Login as the customer itself for support purposes. The problem is that login with the customer user, interrupts the customer support login, so only a single user can be concurrently logged in from a single computer.

I use MVC3 with AspNetSqlMembershipProvider for authorization\authentication purposes.

How can I easly use multiple concurrent logins on a single computer?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You should abstract this at a higher level than the authenticated user. I suggest that you introduce the concept of a logged in user and a current user. The session remains with the logged in user, but logged in users with sufficient privileges have the ability to impersonate other users, with that user becoming the current user. Use the current user to control access to data, drive the UI (with exceptions for what an impersonating user would need to control impersonation), perform transactions, etc. Store the current user in the session as data, perhaps setting commonly used properties on a base controller in OnActionExecuting as needed.

    public class AdminController : BaseController
{

    [Authorize( Roles = "ActOnBehalfOfUser" )]
    [AcceptVerbs( HttpVerbs.Get )]
    public ActionResult Impersonate()
    {
        return View();
    }

    [Authorize( Roles = "ActOnBehalfOfUser" )]
    [AcceptVerbs( HttpVerbs.Post )]
    [ValidateAntiForgeryToken]
    public ActionResult Impersonate( string userNameOrID, bool? revoke )
    {
        var currentUser = this.GetCurrentUser();

        if (revoke.HasValue && revoke.Value)
        {
            try
            {
                LogImpersonationEnd( currentUser );
            }
            catch { }
            this.SetEffectiveUser( currentUser );
        }
        else
        {
            if (string.IsNullOrEmpty( userNameOrID ))
            {
                this.ModelState.AddModelError( "userNameOrID", "You must supply a username or uid to impersonate." );
                return View();
            }

            var person = this.LookupUser( userNameOrID );
            if (person == null)
            {
                this.ModelState.AddModelError( "userNameOrID", "No user with the given id was found." );
                return View();
            }

            this.SetEffectiveUser( person );
            try
            {
                using (var dc = new FooDataContext())
                {
                    var impersonation = new Impersonation
                    {
                        EffectiveUser = person.UID,
                        ActualUser = currentUser.UID
                    };
                    dc.InsertOnSubmit( impersonation );
                    dc.SubmitChanges();
                }
            }
            catch { }
        }

        return View();

    }
}

    Base Controller:

    public class BaseController : Controller
{
    protected bool IsImpersonating
    {
        get
        {
            var effectiveUID = this.Session[EFFECTIVE_USER_KEY] as string;
            var uid = this.Session[USER_KEY] as string;
            return !string.Equals( effectiveUID, uid );
        }
    }

    protected Person GetEffectiveUser()
    {
        return GetUser( this.Session[EFFECTIVE_USER_KEY] as string );
    }

    protected void SetEffectiveUser( Person person )
    {
        this.Session[EFFECTIVE_USER_KEY] = person.UniversityID;
        this.Session[UIPERSON_KEY + person.UniversityID] = person;
    }

    protected Person GetUser( string uid )
    {
        Person person = null;
        if (!string.IsNullOrEmpty( uid ))
        {
            person= GetCachedPerson( uid, p => p.UID == uid );
        }
        return person ?? new AnonymousPerson();
    }



    protected Person LookupUser( string usernameOrUID )
    {
        Person person = null;
        if (!string.IsNullOrEmpty( usernameOrUID ))
        {
            uiPerson = this.GetCachedPerson( usernameOrUID, p => p.UID== usernameOrUID || p.Username == usernameOrUID );
        }
        return uiPerson;
    }

    private Person GetCachedPerson( string uid, Expression<Func<Person, bool>> selector )
    {
        Person person = this.Session[PERSON_KEY + uid] as Person;
        if (person == null)
        {
            using (var context = new FooDataContext())
            {
                person = context.SingleOrDefault<Person>( selector );
                if (uiPerson != null)
                {
                    this.Session[PERSON_KEY + uid] = person;
                }
            }
        }
        return person;
    }

    protected void LogImpersonationEnd( Person currentUser )
    {
        using (var dc = new FooDataContext())
        {
            var euid = this.GetEffectiveUser().UID;
            var impersonation = dc.Table<Impersonation>()
                                  .Where( i => i.EffectiveUser == euid && i.ActualUser == currentUser.UniversityID && !i.EndTime.HasValue )
                                  .OrderByDescending( i => i.ID )
                                  .FirstOrDefault();

            if (impersonation != null)
            {
                impersonation.EndTime = DateTime.Now;
                dc.SubmitChanges();
            }
        }
    }
}
    • 0