Impersonation

With impersonation, you can allow users or user groups to act on behalf of other users or user groups and see the website through their eyes.

They can then log in to frontend with their regular extranet login, and select a user to impersonate (Figure 1.1).

Figure 1.1 The user who impersonates someone will be able to select whom to impersonate when logging in

Impersonation settings can be set on both individual users and at a group level, by clicking the Impersonation button in the ribbon bar.

This will launch a window (Figure 2.1) where you can select:

  • Which users and user groups are available to impersonate
  • Which users and user groups can impersonate this user or user group
Figure 2.1 Selecting who can impersonate whom is done from the impersonation window

If you cannot find the Impersonation button, try saving the user first.

In Dynamicweb, there are two impersonation modes:

  • Only orders (actions on behalf of the impersonated user)
  • Full impersonation (the current user is replaced with the impersonated user)

You can switch between the modes using the impersonation settings.

Since the global tags varies with the two impersonation modes, you may want to differentiate sections in your templates (for instance, if you have a paragraph with "X is now impersonating Y".

To do this, you can use the Global:Extranet.ImpersonationMode tag and create an if/else statement where the CurrentUser tags and SecondaryUser tags are switched.

Selecting the "Only tag orders with impersonating user" setting enables the Only orders mode. When a user impersonates someone using this mode, orders they create are then placed on behalf of the impersonated user.

The following rules exists for this mode:

  • Permissions (for pages etc.) are based on the impersonated user
  • Orders are tagged with the impersonated user (Figure 4.1)
  • Prices are based on the impersonator
  • Forum posts are placed by the impersonator

 

Selecting the "Replace current user with impersonated user" enables the Full impersonation mode. This mode basically switches the impersonator's and the impersonated user's IDs (CurrentUser tags are switched with the SecondaryUser tags). The impersonator can now act completely and directly on behalf of the impersonated user.

The following rules exists for this mode:

  • Permissions (for pages etc.) are based on the impersonated user
  • Orders are not tagged, but placed directly by the impersonated user
  • Prices are based on the impersonated user
  • Forum posts are placed by the impersonated user

When using Full Impersonation mode, you can check Use impersonator for permissions setting. This ensures that permissions are based on the impersonator. Otherwise, the rules are the same for the Full impersonation mode.

In frontend you can then render a dropdown selector or a list of accounts which a user can impersonate, and then a button or form for starting and stopping the impersonation session:

RAZOR
@using Dynamicweb.Rendering @using Dynamicweb.Security.UserManagement @inherits RazorTemplateBase<RazorTemplateModel<Template>> <div class="container"> <div class="row"> <div class="col-md-6 col-sm-6 col-xs-12"> @if (User.GetCurrentExtranetUser() == null) { <b style="color:red;">Log in to see the list of users you can impersonate</b> } else { if (!string.IsNullOrWhiteSpace(GetGlobalValue("Global:Extranet.SecondaryUser.UserID"))) { <form method="post"> <span>@GetGlobalValue("Global:Extranet.SecondaryUser.UserName") is impersonated by @Pageview.User.UserName</span> <input type="submit" name="DwExtranetRemoveSecondaryUser" id="DwExtranetRemoveSecondaryUser" value="Stop impersonation"> </form> <br /> } else { <p>You are not impersonating anyone right now</p> } if (GetLoop("DWExtranetSecondaryUsers").Count > 0) { <form method="post"> <select id="DWExtranetSecondaryUserSelector" name="DWExtranetSecondaryUserSelector"> @foreach(var user in GetLoop("DWExtranetSecondaryUsers")) { <option value="@user.GetString("UserID")"> @user.GetString("Name") @user.GetString("UserName") </option> } </select> <input type="submit" value="Impersonate selected"> </form> } else { <p>You cannot impersonate anyone</p> } } </div> </div> </div>

If the list of available users/user groups in frontend doesn't match updated changes in the backend, try logging out of the frontend and then log in again.

database

These are the tables relevant for Impersonation in the Dynamicweb database:

AccessUserSecondaryRelation

Contains AccessUserId of users (AccessUserSecondaryRelationUserID) who can log in on behalf of other users (AccessUserSecondaryRelationSecondaryUserId) (i.e. Impersonate them).

Field name Data type Length
AccessUserSecondaryRelationUserId int 4
AccessUserSecondaryRelationSecondaryUserId int 4
AccessUserSecondaryRelationAutoId int 4