Security & Authentication

Vote:
 

i am working with CMS SP1.

Requirement:
i need to change the user identity for the child pages like if from view mode ,logged in as "administrator" and from the page i need to open a child page using "Window.open()" with new user identity say "XYZ" user and when returning back to parent window it should contained with "administrator" user.


proposed solution:
1. i am creating an intermediate page link on parent page. intermediate page accepts the URL of child page.
2. on load event of intermediate page i am changing the
forms authentication cookies using the method formsAuthentication.setAuthCookies() and redirecting to the child page along with user id as query string.

3. On the page load of child page i am able to change the httpContext for the passed user.


Challenges
1. in the purposed solution i am using the intermediate page which is one step extra which i have perform. this needs to removed.
2. if i am changing the Forms Authentication cookies using method FormsAuthentication.SetAuthCookies(). its getting changed for the whole application and when i will return back to parent windos then also it keeping the changed value of form authentication cookies. due to that we are not able to provide the user/role based security.

 

Request
1. it will be better if you can explain how the user/role management is been done to handle such situations.
2. instead of using the intermediaet page if we dirrectly want to set the forms authentication cookies then on which event of page we need to capture.

thanks

VB

#23131
Aug 27, 2008 18:18
Vote:
 

Are you referring to impersonation ??

See..

http://labs.episerver.com/en/Blogs/Johano/Dates/111974/111975/111979/

 

#23155
Aug 28, 2008 15:27