Need help conceptualizing this...

Topics: Writing modules
Mar 21, 2012 at 10:27 PM

I currently have Orchard 1.4 running for our company's internal self-service reporting application. I have a fairly extensive custom module that I've written to handle all of this.

Security in the application is done using the Windows Authentication module from AlexH so that when a user hits the site for the first time, LDAP is queried and an Orchard user is created using their login name. I also have the Contrib.Profile module installed and extended the Windows Authentication module so that when the Orchard user is created, I write a few things out to some Profile fields to use on the site...mainly First Name, Last Name, and Employee ID.

Here's what I'm trying to do now, I'm just having a problem trying to envision how this will work.

When troubleshooting issues with the reporting application for users, it's extremely helpful to see the website as they would...basically this means that I want to be able to impersonate another user on the site without actually logging into their account (which I can't do anyways because I'm using Windows Authentication). My first thought is to extend the Windows Authentication module further to pass a specific username to the login sequence instead of the Windows username. Simple enough...I figured I could use the Profile module to create a boolean value named UserImpersonate and a text value for the proposed username to impersonate. During the login sequence in the Windows Authentication module, I would check to see if the boolean value is true and then pass the text value to the login sequence instead of the Windows username.

All of this seemed like a great idea, but how do I then turn that off and return to using Orchard as myself without having to login as a different user and "undo" the UserImpersonate checkbox from the admin side?

If anyone has thoughts on how I could possibly make this scenario work...using what I described above, or a different method if you think it could work better, I would very much appreciate some ideas on how to proceed with designing this.

Thanks so much for your ideas.

Mar 22, 2012 at 12:11 AM
Edited Mar 22, 2012 at 12:12 AM

Just doing some thinking out loud on what I've done so far...

I've got the whole thing set up so that if I check the Impersonate User checkbox in the profile, as soon as I click Save, the Windows Authentication module checks to see if that is true and then changes the User it's using to authenticate with to another value (I'm just hard coding that right now).

Works, but how do I undo it now that I'm the new user, since I don't have access to the other user's profile?

One idea that a co-worker had is to pass something in the URL string that temporarily prevents the impersonated user from being loaded...

Here's the code that changes the User:

    // Check profile for impersonation and sign-in as different user if true
    dynamic contentItem = user.ContentItem;
    if (contentItem.ProfilePart.ImpersonateUser.Value == true)
        user = membershipService.GetUser("NewUser");


So, I'm wondering if I can check something else in the if statement and if it's not true, bypass the user assignment.

    if (contentItem.ProfilePart.ImpersonateUser.Value == true && someValue != "false")
        user = membershipService.GetUser("NewUser");

I don't know if it's possible to pass a value from the query string into the login sequence in the Windows Authentication module though...

Mar 22, 2012 at 1:22 AM

I tried setting the ImpersonateUser value to false as soon as I check it, thinking that it would keep the logged-in user until the browser was closed or the user was forced to sign out. That's not the case; as soon as I go to a different page on the site, it logs me back in as the original user.

So...back to looking for a different way.

Mar 22, 2012 at 2:18 AM


I was trying to check Request.QueryString["impersonate"] == "false"...I needed to check httpContext.Request.QueryString["impersonate"] == "false". All I have to do is go to any URL with ?impersonate=false and I have it set up to remove the ImpersonateUser Boolean.
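
An added example, not code from the posts above or from the Orchard or Windows Authentication modules: one way to keep impersonation reversible is to key the impersonation state by the real Windows login instead of a profile field, so the login sequence can always find it and switch it off, with a permission check, an expiry and an audit record. The class, delegate and method names are hypothetical, the state lives in memory, and the real login name and the permission check are assumed to be supplied by the host module.

```csharp
using System;
using System.Collections.Concurrent;

// Hypothetical helper; not an Orchard or Windows Authentication module API.
public sealed class ImpersonationTracker
{
    private sealed class Grant { public string Target; public DateTime ExpiresUtc; }

    // Keyed by the REAL Windows login, so "undo" never depends on the target's profile.
    private readonly ConcurrentDictionary<string, Grant> _grants =
        new ConcurrentDictionary<string, Grant>(StringComparer.OrdinalIgnoreCase);
    private readonly Func<string, bool> _mayImpersonate; // assumed permission check (e.g. admins only)
    private readonly Action<string> _audit;              // assumed audit sink (log file, table, ...)
    private readonly TimeSpan _lifetime;

    public ImpersonationTracker(Func<string, bool> mayImpersonate, Action<string> audit, TimeSpan lifetime)
    {
        _mayImpersonate = mayImpersonate; _audit = audit; _lifetime = lifetime;
    }

    // Begin viewing the site as targetUser; refused and logged if realUser lacks permission.
    public bool Start(string realUser, string targetUser, DateTime nowUtc)
    {
        if (!_mayImpersonate(realUser) || string.IsNullOrWhiteSpace(targetUser))
        {
            _audit("DENIED " + realUser + " -> " + targetUser);
            return false;
        }
        _grants[realUser] = new Grant { Target = targetUser, ExpiresUtc = nowUtc + _lifetime };
        _audit("START " + realUser + " -> " + targetUser);
        return true;
    }

    // End impersonation for the real login; safe to call when none is active.
    public void Stop(string realUser)
    {
        Grant removed;
        if (_grants.TryRemove(realUser, out removed))
            _audit("STOP " + realUser + " (was " + removed.Target + ")");
    }

    // Call from the login sequence: returns the user name whose account should be loaded.
    public string Resolve(string realUser, DateTime nowUtc)
    {
        Grant g;
        if (!_grants.TryGetValue(realUser, out g)) return realUser;
        if (nowUtc >= g.ExpiresUtc) { Stop(realUser); return realUser; } // expired: fall back to self
        return g.Target;
    }
}
```

Because the grant is looked up by the authenticated Windows name on every request, stopping impersonation does not need a query-string switch that any visitor could type, and a forgotten session ends on its own when the lifetime elapses.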