public async Task <IActionResult> LoginAsAnotherUserAsync(LoginAsAnotherPersonViewModel model, string button) { if (!LoginAsAnotherUserOpportunityAvailable()) { return(NotFound()); } // check if we are in the context of an authorization request AuthorizationRequest context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); // the user clicked the "cancel" button if (button != "login") { return(await RedirectToLoginPageAsync(context, model.ReturnUrl)); } if (ModelState.IsValid) { User user = await _userManager.FindByIdAsync(model.SelectedUserId.ToString()); if (user != null) { await ValidateUserAsync(user); HttpContext.Session.SetInt32(CustomClaimTypes.LoggedInAsAnotherPerson, 1); // It 's necessary to update security stamp, otherwise we get an exception await _userManager.UpdateSecurityStampAsync(user); await _signInManager.SignInAsync(user, isPersistent : true); await _events.RaiseAsync(new UserLoginSuccessEvent( username : user.UserName, subjectId : user.Id.ToString(), name : user.UserName)); return(await RedirectToReturnUrlAsync(context, model.ReturnUrl)); } await _events.RaiseAsync(new UserLoginFailureEvent( username : model.SelectedUserId.ToString(), error : "invalid UserId", clientId : context?.ClientId)); ModelState.AddModelError( nameof(LoginAsAnotherPersonViewModel.SelectedUserId), "Invalid username or password"); } IReadOnlyCollection <User> users = await _userService.UsersWithRoleAsync(); var vm = new LoginAsAnotherPersonViewModel(users, model.ReturnUrl, model.SelectedUserId); return(PartialView("LoginAsAnotherPerson", vm)); }
#pragma warning disable UseAsyncSuffix public async Task <IActionResult> LoginAsAnotherUser(string returnUrl) #pragma warning restore UseAsyncSuffix { if (!LoginAsAnotherUserOpportunityAvailable()) { return(NotFound()); } IReadOnlyCollection <User> users = await _userService.UsersWithRoleAsync(); var vm = new LoginAsAnotherPersonViewModel(users, returnUrl); return(PartialView("LoginAsAnotherPerson", vm)); }