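        /// <summary>
        /// Creates a user impersonation cookie, which starts the user impersonation via the AuthCookie ValidateAsync event.
        /// </summary>
        /// <remarks>
        /// The only caller checks made here are: the impersonation cookie is configured, the current user is
        /// authenticated, the target is not the current user, and the current user is not already impersonating.
        /// This method does NOT check that the current user is permitted to impersonate others, nor that
        /// <paramref name="userId"/> refers to an existing user. The calling code must enforce that
        /// authorization before invoking this method.
        /// </remarks>
        /// <param name="userId">This must be the userId of the user you want to impersonate. Must not be null.</param>
        /// <param name="userName">Name stored alongside the userId in the impersonation data. Must not be null.</param>
        /// <param name="keepOwnPermissions">Passed through to <c>ImpersonationData</c>; presumably selects whether the
        /// impersonating user keeps their own permissions (confirm against <c>ImpersonationData</c>).</param>
        /// <returns>Error message, or null if OK.</returns>
        public string StartImpersonation(string userId, string userName, bool keepOwnPermissions)
        {
            if (_cookie == null)
            {
                return "Impersonation is turned off in this application.";
            }

            // Identity may be null on a principal with no identities; treat that as "not logged in"
            // instead of letting a NullReferenceException escape.
            if (_httpContext.User.Identity?.IsAuthenticated != true)
            {
                return "You must be logged in to impersonate a user.";
            }

            // Validate the arguments before comparing them with the caller's claims: with a null userId the
            // self-impersonation comparison below could otherwise match a caller whose claims carry no user id
            // and report the wrong error.
            if (userId == null)
            {
                return "You must provide a userId string";
            }
            if (userName == null)
            {
                return "You must provide a username string";
            }

            if (_httpContext.User.Claims.GetUserIdFromClaims() == userId)
            {
                return "You cannot impersonate yourself.";
            }
            if (_httpContext.User.InImpersonationMode())
            {
                return "You are already in impersonation mode.";
            }

            // All checks passed: pack the impersonation data and write it to the impersonation cookie.
            var impersonationData = new ImpersonationData(userId, userName, keepOwnPermissions);
            _cookie.AddUpdateCookie(impersonationData.GetPackImpersonationData());
            return null;
        }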
        /// <summary>
        /// Checks that <c>Exists</c> reports true when the request carries a "UserImpersonation" cookie.
        /// </summary>
        public void TestCookieExists()
        {
            // Arrange: mocked cookie collections and an in-memory data protection provider.
            var cookieMocks = new MockHttpContextCookies();
            var protectionProvider = new EphemeralDataProtectionProvider();
            var impersonationCookie = new ImpersonationCookie(cookieMocks.MockContext, protectionProvider);

            impersonationCookie.AddUpdateCookie("Hello world");

            // The request cookie value is "???", which the data protector never produced. This test pins
            // that Exists still returns true for it, so Exists must not be read as proof that the cookie
            // content is authentic.
            cookieMocks.RequestCookies["UserImpersonation"] = "???";

            // Act + Assert: the only action under test is the Exists call itself.
            var requestCookies = cookieMocks.MockContext.Request.Cookies;
            impersonationCookie.Exists(requestCookies).ShouldBeTrue();
        }
        /// <summary>
        /// Checks that <c>AddUpdateCookie</c> emits exactly one response header, a Set-Cookie for
        /// "UserImpersonation".
        /// </summary>
        public void AddEncryptedCookie()
        {
            // Arrange: a real DefaultHttpContext and an in-memory data protection provider.
            var context = new DefaultHttpContext();
            var protectionProvider = new EphemeralDataProtectionProvider();

            // Act
            var impersonationCookie = new ImpersonationCookie(context, protectionProvider);
            impersonationCookie.AddUpdateCookie("Hello world");

            // Assert
            // NOTE(review): only the cookie name prefix is checked; nothing here asserts that the value
            // differs from the plaintext "Hello world", so the "encrypted" in the test name is not verified.
            var responseHeaders = context.Response.Headers;
            responseHeaders.Keys.Count.ShouldEqual(1);
            responseHeaders["Set-Cookie"].ShouldNotBeNull();
            responseHeaders["Set-Cookie"][0].ShouldStartWith("UserImpersonation=");
        }
        /// <summary>
        /// Checks, against the mocked cookie collections, that <c>AddUpdateCookie</c> records exactly one
        /// response entry, a Set-Cookie for "UserImpersonation".
        /// </summary>
        public void AddEncryptedCookie()
        {
            // Arrange: mocked cookie collections and an in-memory data protection provider.
            var cookieMocks = new MockHttpContextCookies();
            var protectionProvider = new EphemeralDataProtectionProvider();

            // Act
            var impersonationCookie = new ImpersonationCookie(cookieMocks.MockContext, protectionProvider);
            impersonationCookie.AddUpdateCookie("Hello world");

            // Assert
            // NOTE(review): only the cookie name prefix is checked; nothing here asserts that the value
            // differs from the plaintext "Hello world", so the "encrypted" in the test name is not verified.
            var written = cookieMocks.ResponseCookies;
            written.Count.ShouldEqual(1);
            written["Set-Cookie"].ShouldNotBeNull();
            written["Set-Cookie"][0].ShouldStartWith("UserImpersonation=");
        }
        /// <summary>
        /// Checks that <c>Exists</c> reports true when the request carries a "UserImpersonation" cookie,
        /// using a real DefaultHttpContext.
        /// </summary>
        public void TestCookieExists()
        {
            // Arrange: a real DefaultHttpContext and an in-memory data protection provider.
            var context = new DefaultHttpContext();
            var protectionProvider = new EphemeralDataProtectionProvider();
            var impersonationCookie = new ImpersonationCookie(context, protectionProvider);

            impersonationCookie.AddUpdateCookie("Hello world");

            // The request cookie value is "???", which the data protector never produced. This test pins
            // that Exists still returns true for it, so Exists must not be read as proof that the cookie
            // content is authentic.
            context.AddRequestCookie("UserImpersonation", "???");

            // Act + Assert: the only action under test is the Exists call itself.
            var requestCookies = context.Request.Cookies;
            impersonationCookie.Exists(requestCookies).ShouldBeTrue();
        }