Last post Sep 16, 2020 08:06 PM by PatriceSc
Sep 16, 2020 01:22 AM|Jimmynghk
I am making an intranet web application for internal use with ASP.NET Core 3.1 MVC that uses Windows authentication, and I am working on a logout/login page. I am trying to include a function that allows a user to log out and sign in as another user.
I inserted this script in _Layout.cshtml but @User.Identity.Name still shows the original name on the web page, indicating that I haven't logged out, and I can still access the pages with the [Authorize] attribute. Is there a way to log out the user regardless of what browser the user is using?
Also, is there an ASP.NET Core 3.1 version of this answer? This doesn't work in ASP.NET Core because we can't use System.Web, so errors appear saying HttpCookie, Request.IsAuthenticated, Response.Cookies.Set(cookie) and functions alike are undefined.
Sep 16, 2020 11:34 AM|mgebhard
Sure. Just log out (start button -> sign out) then log in as a different user. Of course you need to know another user's login or have test accounts set up.
Sep 16, 2020 11:47 AM|PatriceSc
For Windows authentication the user would need to open another session or to use "run as" to launch the browser using another Windows identity.
Depending on the purpose, another option could be to allow a user to give permissions on his own stuff to other users rather than having to give his password (and basically access to whatever is allowed to him).
Sep 16, 2020 04:19 PM|Jimmynghk
Is it possible to simply create a "sign in as another user" page in the project? I don't want to make the user have to sign out of the current Windows session to log in as another user in the web application.
Sep 16, 2020 08:06 PM|PatriceSc
As explained at https://docs.microsoft.com/en-us/troubleshoot/browsers/prompt-for-username-and-password, Windows authentication is triggered when the site is part of the "intranet zone".
So a possible option could be to expose the same site using multiple web addresses so that you can force one or the other. Depending on your current zone configuration it could be
https://site/ and https://site.domain.com/ or
I would still double check why a user needs multiple accounts.