Skip to content

Impersonation

Impersonation

User impersonation allows you to temporarily sign in as a different user in your tenant's users.

Introduction

In some cases, users need to sign in as another user and perform operations on behalf of the target user without sharing the target user's password.

How to enable impersonation feature?

Please remember to configure the ImpersonationTenantPermission and ImpersonationUserPermission permissions !!!

MVC

public override void ConfigureServices(ServiceConfigurationContext context)
{
    var configuration = context.Services.GetConfiguration();

    //For impersonation in TenantManagement module
    context.Services.Configure<AbpTenantManagementHostWebOptions>(options =>
    {
        options.EnableTenantImpersonation = true;
    });

    //For impersonation in Identity module
    context.Services.Configure<AbpIdentityWebOptions>(options =>
    {
        options.EnableUserImpersonation = true;
    });

    context.Services.Configure<AbpAccountOptions>(options =>
    {
        //For impersonation in TenantManagement module
        options.TenantAdminUserName = "admin";
        options.ImpersonationTenantPermission = TenantManagementHostPermissions.Tenants.Impersonation;

        //For impersonation in Identity module
        options.ImpersonationUserPermission = IdentityPermissions.Users.Impersonation;
    });
}

MVC Tiered

AuthServer

  1. Depends AccountPublicWebImpersonationModule(GridLab.GMSS.Account.Public.Web.Impersonation) and TenantManagementHostApplicationContractsModule on your AuthServerModule
  2. Configure the AbpAccountOptions.
public override void ConfigureServices(ServiceConfigurationContext context)
{
    context.Services.Configure<AbpAccountOptions>(options =>
    {
        //For impersonation in TenantManagement module
        options.TenantAdminUserName = "admin";
        options.ImpersonationTenantPermission = TenantManagementHostPermissions.Tenants.Impersonation;

        //For impersonation in Identity module
        options.ImpersonationUserPermission = IdentityPermissions.Users.Impersonation;
    });
}

HttpApi.Host

No need to do anything here.

Web

  1. Depends AccountPublicWebImpersonationModule(GridLab.GMSS.Account.Public.Web.Impersonation) on your WebModule
  2. Change the base class of AccountController to AbpAccountImpersonationChallengeAccountController
public class AccountController : AbpAccountImpersonationChallengeAccountController
{

}
  1. Add ImpersonationViewComponent to \Components\Toolbar\Impersonation folder

public class ImpersonationViewComponent : AbpViewComponent
{
    public virtual IViewComponentResult Invoke()
    {
        return View("~/Components/Toolbar/Impersonation/Default.cshtml");
    }
}

@using Microsoft.AspNetCore.Mvc.Localization
@using Volo.Abp.Account.Localization
@inject IHtmlLocalizer<AccountResource> L
<form method="post" data-ajaxForm="false" action="~/Account/BackToImpersonator">
    @Html.AntiForgeryToken()
    <button type="submit" class="btn text-danger" data-bs-toggle="tooltip" data-bs-placement="left" title="@L["BackToImpersonator"]">
        <i class="fa fa-undo"></i>
    </button>
</form>

  1. Add ImpersonationViewComponent to ToolbarContributor.
if (context.ServiceProvider.GetRequiredService<ICurrentUser>().FindImpersonatorUserId() != null)
{
    context.Toolbar.Items.Add(new ToolbarItem(typeof(ImpersonationViewComponent), order: -1));
}
  1. Configure AbpTenantManagementHostWebOptions and AbpIdentityWebOptions
public override void ConfigureServices(ServiceConfigurationContext context)
{
    var configuration = context.Services.GetConfiguration();

    //For impersonation in TenantManagement module
    context.Services.Configure<AbpTenantManagementHostWebOptions>(options =>
    {
        options.EnableTenantImpersonation = true;
    });

    //For impersonation in Identity module
    context.Services.Configure<AbpIdentityWebOptions>(options =>
    {
        options.EnableUserImpersonation = true;
    });
}