log in as another user in asp.net web application

1.2k views Asked by At

We have a cloud based asp.net web application (asp.net web form)which is for dry cleaners , and our customers have there own userid and password to login .So to give them customer support we get there system access through teamviewer and then check the problem . But now we are trying to make a tool so we can directly login our clients account without asking there userid and password and check there problems. So i need some guidance to where to start as i am a trainee right now.

1

There are 1 answers

2
Peanut On

A lot of applications provide a "Login as .." feature. There is usually a list of all users and when you select one of them you see their account details. Add a function (e.g. a Button or something) to those details which allows a admin to log in as the other user.

I recommend to keep logged in as admin/supervisor/... and just add the "hijacked" user somehow to the session.

This approach probably requires to rewrite the session management but enables you to log which admin logged in as which user and you could also log all the actions the admin did while incorporating the user. Adding logs might be important. Privacy might be a concern as well. This question is not something you should discuss on SO, but with your company as it involves company policies, etc. Also We know nothing about your code, your application and how it works.