public async Task <IActionResult> LoginAsAnotherUserAsync(LoginAsAnotherPersonViewModel model, string button)
{
if (!LoginAsAnotherUserOpportunityAvailable())
{
return(NotFound());
}
// check if we are in the context of an authorization request
AuthorizationRequest context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl);
// the user clicked the "cancel" button
if (button != "login")
{
return(await RedirectToLoginPageAsync(context, model.ReturnUrl));
}
if (ModelState.IsValid)
{
User user = await _userManager.FindByIdAsync(model.SelectedUserId.ToString());
if (user != null)
{
await ValidateUserAsync(user);
HttpContext.Session.SetInt32(CustomClaimTypes.LoggedInAsAnotherPerson, 1);
// It 's necessary to update security stamp, otherwise we get an exception
await _userManager.UpdateSecurityStampAsync(user);
await _signInManager.SignInAsync(user, isPersistent : true);
await _events.RaiseAsync(new UserLoginSuccessEvent(
username : user.UserName,
subjectId : user.Id.ToString(),
name : user.UserName));
return(await RedirectToReturnUrlAsync(context, model.ReturnUrl));
}
await _events.RaiseAsync(new UserLoginFailureEvent(
username : model.SelectedUserId.ToString(),
error : "invalid UserId",
clientId : context?.ClientId));
ModelState.AddModelError(
nameof(LoginAsAnotherPersonViewModel.SelectedUserId),
"Invalid username or password");
}
IReadOnlyCollection <User> users = await _userService.UsersWithRoleAsync();
var vm = new LoginAsAnotherPersonViewModel(users, model.ReturnUrl, model.SelectedUserId);
return(PartialView("LoginAsAnotherPerson", vm));
}
#pragma warning disable UseAsyncSuffix
public async Task <IActionResult> LoginAsAnotherUser(string returnUrl)
#pragma warning restore UseAsyncSuffix
{
if (!LoginAsAnotherUserOpportunityAvailable())
{
return(NotFound());
}
IReadOnlyCollection <User> users = await _userService.UsersWithRoleAsync();
var vm = new LoginAsAnotherPersonViewModel(users, returnUrl);
return(PartialView("LoginAsAnotherPerson", vm));
}
