我有一个剃须刀的网站我与全登录/注册和使用WebMatrix的管理角色。而一个要求是管理员能够登录为现有用户，以便能够增加，修改，取消和或确认的新订单，因为他的身份登录该特定用户。

我知道这不是处理这个最常用的方式，但我已经看到了它做了很多。我目前拥有一个域名倒卖生意和我的供应商使用这种类型的功能，其中它让我登录的用户的信用他们的帐户等。

所以，我已经告诉FormsAuthentication将工作好这在C＃。所以，我检查了：

http://msdn.microsoft.com/en-us/library/ twk5762b.aspx

这使我问：

什么？

和

通过用户名，他们的意思是，当该用户注册的在创建电子邮件地址？或者，他们指的是用户ID，这是一个INT？

和，是不是真的简单，只要这样：

  @ {
  如果（Roles.IsUserInRole（管理员））
  {
    SetAuthCookie（
      ClientsUserNameHere，
      真正
    ）;
  }
  其他
  {
    的Response.Redirect（〜/帐号/签到）;
  }
}
＆LT; D​​OCTYPE！ HTML＆GT;
＆LT; HTML＆GT;
  ＆LT; HEAD＆GT;＆LT; /头＆GT;
  ＆LT;身体GT;
    ＆LT; P＆GT;你好，管理员，您目前已登录为[插入客户的名字在这里]＆LT; / P＆GT;
  ＆LT; /身体GT;
＆LT; / HTML＆GT;
 

解决方案   

和，是不是真的简单，只要做这个？

是的，这是真的就这么简单。嗯，其实这生效，你需要重定向，因为该页面将使用请求的cookie仍然表示管理员：

 如果（Roles.IsUserInRole（管理员））{
    FormsAuthentication.SetAuthCookie（
        ClientsUserNameHere
        假//＆LT;  - 设置为true仅当您希望永久性Cookie
    ）;
    的Response.Redirect（〜/主页/ SomeUserPage）;
}
 

另外，你可以存储一些信息到会话，表示这是作为一个普通用户，管理员（如果你曾经需要知道它），而不是普通用户。

您可能还需要一起来看看下面的文章一个更先进的模拟场景。

I have a Razor site I made with full login/registration and Admin roles with WebMatrix. And a requirement is for the administrator to be able to "Login as an existing user" in order to be able to add to, edit, cancel and or confirm new orders for that particular user he is logged in as.

I know this is not the most common way of approaching this, but I have seen it done alot. I currently own a domain reselling business and my supplier uses this type of feature where it lets me login as a user to credit their account ETC..

So, I've been told that FormsAuthentication would work good for this in C#. So I checked out:

http://msdn.microsoft.com/en-us/library/twk5762b.aspx

Which leads me to ask:

What?

And...

By "username", they mean the e-mail address that's created when that user registered? Or do they mean the UserId, which is an INT?

And, is it really as simple as doing this?:

@{
  if(Roles.IsUserInRole("Administrator"))
  {
    SetAuthCookie(
      "ClientsUserNameHere,
      true
    );
  }
  else
  {
    Response.Redirect("~/Account/SignIn");
  }
}
<DOCTYPE! HTML>
<html>
  <head></head>
  <body>
    <p>Hello, Administrator, you are currently Signed In as [insert client name here].</p>
  </body>
</html>

And, is it really as simple as doing this?

Yes, it is really that simple. Well, actually for this to take effect you need to redirect because the page will use the request cookie which still indicates an administrator:

if(Roles.IsUserInRole("Administrator")) {
    FormsAuthentication.SetAuthCookie(
        "ClientsUserNameHere",
        false // <-- set to true only if you want persistent cookies
    );
    Response.Redirect("~/Home/SomeUserPage");
}

In addition you could store some info into the session indicating that this is an administrator acting as a normal user (if you ever needed to know it) and not the normal user.

You might also take a look at the following article for a more advanced impersonation scenario.