Base solution for your next web application
Starts in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

Impersonation not working on IIS 8 #1534


User avatar
0
eggersa created

The impersonation feature works fine when runnig the application (version 0.8.4) on my local machine from Visual Studio. However, as soon as I run the application on IIS 8, the impersonation does not work anymore. The reason is that the built in cache manager (not using redis) seems to have some sort of a problem.

Within the AccountController (as is from the aspnetzero template) the impersonation token is put in the cache to be retrieved by the next action method (ImpersonateSignIn). However, at this point, the cache is empty when running on IIS 8.

public virtual async Task<JsonResult> Impersonate(ImpersonateModel model)
{
	// ...
	var result = await SaveImpersonationTokenAndGetTargetUrl(model.TenantId, model.UserId, false);
	AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
	return result;
}

[UnitOfWork]
public virtual async Task<ActionResult> ImpersonateSignIn(string tokenId)
{
	var cacheItem = await _cacheManager.GetImpersonationCache().GetOrDefaultAsync(tokenId);
	if (cacheItem == null)
	{
		// gets thrown on IIS 8 but not on localhost
		throw new UserFriendlyException(L("ImpersonationTokenErrorMessage"));
	}
	// ...
}

Thank you for your help =).


3 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    Can you try to log values of tokenId in Impersonate and ImpersonateSignIn to see if they are equal ? Can you also log the value of targetUrl in SaveImpersonationTokenAndGetTargetUrl method while impersonating ?

  • User Avatar
    0
    eggersa created

    Hi ismcagdas

    Thank you for your fast reply. As is often the case, I just found out the answer myself after publicily asking :oops:. I didn't notice that the WebUrlService is used in order to create the redirect url with the token (so it pointed to the application on my local machine which of course did not know about that token and caused the null exception. I thought that is some remote debugging magic).

    However, this raises the question why not simply use the Url property from the HttpRequest object instead of configuring the base url by hand?

  • User Avatar
    0
    ismcagdas created
    Support Team

    If you look at the _webUrlService.GetSiteRootAddress(tenancyName) method, it returns url for a tenant. In a SAAS app each tenant might have different subdomains like <a class="postlink" href="http://tenant1.yoursite.com">http://tenant1.yoursite.com</a>, <a class="postlink" href="http://tenant2.yoursite.com">http://tenant2.yoursite.com</a> etc. Because of this, target url might be different that current url.