Rhetos.Impersonation
6.0.0
Prefix Reserved
dotnet add package Rhetos.Impersonation --version 6.0.0
NuGet\Install-Package Rhetos.Impersonation -Version 6.0.0
<PackageReference Include="Rhetos.Impersonation" Version="6.0.0" />
<PackageVersion Include="Rhetos.Impersonation" Version="6.0.0" />
<PackageReference Include="Rhetos.Impersonation" />
paket add Rhetos.Impersonation --version 6.0.0
#r "nuget: Rhetos.Impersonation, 6.0.0"
#:package Rhetos.Impersonation@6.0.0
#addin nuget:?package=Rhetos.Impersonation&version=6.0.0
#tool nuget:?package=Rhetos.Impersonation&version=6.0.0
Rhetos Impersonation
Rhetos.Impersonation is a DSL package (a plugin module) for Rhetos development platform. It provides a safe way for specified users to log in as another user for debugging and support.
Rhetos.Host.AspNet.Impersonation is an extension of Rhetos.Impersonation, for Rhetos web applications with ASP.NET.
Contents:
- Installation and configuration
- Usage
- Impersonated user information in other applications
- How to contribute
See rhetos.org for more information on Rhetos.
Installation and configuration
Installing this package to a library built with Rhetos that doesn't contain web API:
- Add "Rhetos.Impersonation" NuGet package, available at the NuGet.org on-line gallery.
Installing this package to a web application that uses Rhetos impersonation:
- Add "Rhetos.Host.AspNet.Impersonation" NuGet package, available at the NuGet.org on-line gallery.
- Extend the Rhetos services configuration (at
services.AddRhetosHost) with the impersonation service:.AddImpersonation(). - Extend the application with new endpoints :
.UseRhetosImpersonation()in theStartup.Configuremethod. It is important to call.UseRhetosImpersonation()before.UseEndpoints()or.MapControllers().
Configure impersonation options in AddImpersonation delegate parameter.
See ImpersonationOptions class.
Example:
.AddImpersonation(options =>
{
Configuration.Bind(ImpersonationOptions.DefaultSectionName, options); // Reads standard app settings.
options.ApiExplorerGroupName = "impersonation"; // Manual configuration override in code.
})
Impersonation plugin adds the following security claims:
- ClaimResource: 'Common.Impersonate', ClaimRight: 'Execute' - claim which allows authenticated user to impersonate another user.
- ClaimResource: 'Common.Impersonate', ClaimRight: 'IncreasePermissions' - claim which allows authenticated user to impersonate another user which has more permissions then himself.
- (version 4 and earlier) ClaimResource: 'Common.StopImpersonating', ClaimRight: 'Execute' - claim which allows impersonated user to stop impersonation. Every user in the system should have permission for this claim.
Usage
Rhetos.Impersonation provides web request impersonation. It is not intended for in-process impersonation.
To start impersonating another user, call Common.Impersonate action providing UserName parameter.
- Send a POST request to
<base URL>/rest/Common/Impersonatewith body{"UserName":"<impersonated user>"} - The action returns Impersonation cookie in the web response.
- Provide this cookie in the following web requests to impersonate that user (web browser will automatically provide the cookie).
In order to stop impersonation, call Common.StopImpersonating action.
- Send a POST request to
<base URL>/rest/Common/StopImpersonating.
Impersonated user information in other applications
Version 5 and later: To retrieve the original and the impersonated user information, call web method GetImpersonationInfo.
- Send a GET request to
<base URL>/rest/Common/GetImpersonationInfo. It returns a JSON object with properties Authenticated (the original user) and Impersonated (the impersonated user).
Version 4 and earlier: To retrieve username of impersonated user in your MVC application, your MVC application will have to have same machine key as Rhetos application. The code which extracts impersonated username from Impersonation cookie is listed bellow.
private class ImpersonationInfo
{
public string Authenticated { get; set; }
public string Impersonated { get; set; }
}
public string GetImpersonatedUserName()
{
if (HttpContext.Current == null)
return null;
var cookie = HttpContext.Current.Request.Cookies["Impersonation"];
if (cookie == null)
return null;
if (string.IsNullOrWhiteSpace(cookie.Value))
return null;
var bytes = Convert.FromBase64String(cookie.Value);
var output = System.Web.Security.MachineKey.Unprotect(bytes, "Rhetos.Impersonation");
if (output == null || output.Length == 0)
return null;
var json = Encoding.UTF8.GetString(output);
var impersonatedInfo = Newtonsoft.JsonConvert.DeserializeObject<ImpersonationInfo>(json);
if (impersonatedInfo.Expires < DateTime.Now)
return null;
return impersonatedInfo.Impersonated;
}
How to contribute
Contributions are very welcome. The easiest way is to fork this repo, and then make a pull request from your fork. The first time you make a pull request, you may be asked to sign a Contributor Agreement. For more info see How to Contribute on Rhetos wiki.
Building and testing the source code
- Note: This package is already available at the NuGet.org online gallery. You don't need to build it from source in order to use it in your application.
- To build the package from source, run
Clean.bat,Build.batandTest.bat. - For the test script to work, you need to create an empty database and
a settings file
test\TestApp\ConnectionString.local.jsonwith the database connection string (configuration key "ConnectionStrings:RhetosConnectionString"). - The build output is a NuGet package in the "Install" subfolder.
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
-
net8.0
- Rhetos (>= 6.0.0)
- Rhetos.CommonConcepts (>= 6.0.0)
NuGet packages (1)
Showing the top 1 NuGet packages that depend on Rhetos.Impersonation:
| Package | Downloads |
|---|---|
|
Rhetos.Host.AspNet.Impersonation
This package is a plugin for Rhetos development platform. It provides functionality for impersonating another user in order to execute something with another user's permissions (for testing purposes) and/or behalf of another user. |
GitHub repositories
This package is not used by any popular GitHub repositories.