/// <summary> /// This creates an user impersonation cookie, which starts the user impersonation via the AuthCookie ValidateAsync event /// </summary> /// <param name="userId">This must be the userId of the user you want to impersonate</param> /// <param name="userName"></param> /// <param name="keepOwnPermissions"></param> /// <returns>Error message, or null if OK.</returns> public string StartImpersonation(string userId, string userName, bool keepOwnPermissions) { if (_cookie == null) { return("Impersonation is turned off in this application."); } if (!_httpContext.User.Identity.IsAuthenticated) { return("You must be logged in to impersonate a user."); } if (_httpContext.User.Claims.GetUserIdFromClaims() == userId) { return("You cannot impersonate yourself."); } if (_httpContext.User.InImpersonationMode()) { return("You are already in impersonation mode."); } if (userId == null) { return("You must provide a userId string"); } if (userName == null) { return("You must provide a username string"); } _cookie.AddUpdateCookie(new ImpersonationData(userId, userName, keepOwnPermissions).GetPackImpersonationData()); return(null); }
public void TestCookieExists() { //SETUP var mocks = new MockHttpContextCookies(); var eProvider = new EphemeralDataProtectionProvider(); var cookie = new ImpersonationCookie(mocks.MockContext, eProvider); cookie.AddUpdateCookie("Hello world"); mocks.RequestCookies["UserImpersonation"] = "???"; //ATTEMPT //VERIFY cookie.Exists(mocks.MockContext.Request.Cookies).ShouldBeTrue(); }
public void AddEncryptedCookie() { //SETUP var httpContext = new DefaultHttpContext(); var eProvider = new EphemeralDataProtectionProvider(); //ATTEMPT var cookie = new ImpersonationCookie(httpContext, eProvider); cookie.AddUpdateCookie("Hello world"); //VERIFY httpContext.Response.Headers.Keys.Count.ShouldEqual(1); httpContext.Response.Headers["Set-Cookie"].ShouldNotBeNull(); httpContext.Response.Headers["Set-Cookie"][0].ShouldStartWith("UserImpersonation="); }
public void AddEncryptedCookie() { //SETUP var mocks = new MockHttpContextCookies(); var eProvider = new EphemeralDataProtectionProvider(); //ATTEMPT var cookie = new ImpersonationCookie(mocks.MockContext, eProvider); cookie.AddUpdateCookie("Hello world"); //VERIFY mocks.ResponseCookies.Count.ShouldEqual(1); mocks.ResponseCookies["Set-Cookie"].ShouldNotBeNull(); mocks.ResponseCookies["Set-Cookie"][0].ShouldStartWith("UserImpersonation="); }
public void TestCookieExists() { //SETUP var httpContext = new DefaultHttpContext(); var eProvider = new EphemeralDataProtectionProvider(); var cookie = new ImpersonationCookie(httpContext, eProvider); cookie.AddUpdateCookie("Hello world"); httpContext.AddRequestCookie("UserImpersonation", "???"); //ATTEMPT //VERIFY cookie.Exists(httpContext.Request.Cookies).ShouldBeTrue(); }