
My main goal is to create a backdoor so that an admin can sign in as any user.

I use core API and Active Directory auth and use LDAP.

services.AddLdap(Configuration);
app.UseLdapAuthentication(Configuration);

It works correctly.

Now I need to add the ability for the admin to log in as any user. Of course, the admin doesn't know the password.

I connect:

_connection.Connect(_config.Url, LdapConnection.DEFAULT_PORT);

And then bind, where I have to know the password:

_connection.Bind(username, password);

I use cookie-based auth.

I can't find a way to do that.

Masoud Zarjani
Mediator
    So you want to be able to break through a security mechanism whose sole purpose is to prevent exactly that? – rory.ap Nov 14 '18 at 12:24
  • Isn't that called "[Impersonation](https://serverfault.com/questions/185813/which-ad-permission-is-required-to-allow-impersonation-of-an-account)"? – Fildor Nov 14 '18 at 12:29
  • Look at: https://stackoverflow.com/a/38490877/88122 – jwilleke Nov 15 '18 at 09:57

1 Answer


> I use cookie-based auth.

If you're using cookie-based authentication, then you don't need to involve AD with your impersonation.

I assume this is how your authentication normally works:

  1. User puts in username and password.
  2. Your application validates the credentials through LDAP.
  3. Your application issues a cookie for the user.

If you want to allow an administrator to impersonate anyone else in your application, then create a page where the administrator can view all the user accounts and choose an account to impersonate. Then the application just issues a cookie for that user account.

So it would go something like this:

  1. Admin user puts in their own username and password.
  2. Your application validates the credentials through LDAP and validates that the user is an admin.
  3. Your application issues a cookie for the user's own account.
  4. Admin user goes to the "Users" page and picks an account to impersonate.
  5. Your application issues a new cookie for the user selected.

I did this exact thing in one of our applications.

Gabriel Luci
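Steps 4 and 5 of the answer (admin picks an account, application issues a new cookie for it) can be implemented in an ASP.NET Core cookie-auth app like this. This is an added example, not code from the question or the answer. It assumes that the normal login (steps 1 to 3) already puts an `Admin` role claim into the admin's cookie, and it uses a hypothetical `IUserDirectory` service for looking up the target account; both are assumptions, not something the page provides. The example keeps the real admin's name in the impersonation cookie so that audit logs still show who is acting, strips the `Admin` role from the impersonated session so the temporary cookie cannot be used to escalate, and gives the admin a way back to their own session without re-entering a password.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;

// Hypothetical lookup service (an assumption of this example): returns the
// directory account for a username, or null if it does not exist.
public interface IUserDirectory
{
    Task<DirectoryUser?> FindByUsernameAsync(string username);
}

public record DirectoryUser(string Username, string DisplayName, IReadOnlyList<string> Roles);

// Claim type that records who really signed in while impersonation is active.
public static class ImpersonationClaims
{
    public const string OriginalUser = "impersonation:original_user";
}

[Authorize]
public class ImpersonationController : Controller
{
    private const string Scheme = CookieAuthenticationDefaults.AuthenticationScheme;
    private readonly IUserDirectory _directory;
    private readonly ILogger<ImpersonationController> _logger;

    public ImpersonationController(IUserDirectory directory, ILogger<ImpersonationController> logger)
    {
        _directory = directory;
        _logger = logger;
    }

    // Step 5 of the answer: replace the admin's cookie with one for the chosen user.
    // Only a genuine admin session may call this; an impersonated session never
    // carries the Admin role (see below), and the OriginalUser check is a second guard
    // against chaining impersonations.
    [HttpPost]
    [Authorize(Roles = "Admin")]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Start(string username)
    {
        if (User.HasClaim(c => c.Type == ImpersonationClaims.OriginalUser))
            return Forbid();

        var target = await _directory.FindByUsernameAsync(username);
        if (target is null)
            return NotFound();

        var adminName = User.Identity!.Name!;
        var claims = new List<Claim>
        {
            new(ClaimTypes.Name, target.Username),
            new(ImpersonationClaims.OriginalUser, adminName),
        };
        // Copy the target's roles but never Admin, so a lost or stolen
        // impersonation cookie cannot be turned into an admin session.
        claims.AddRange(target.Roles.Where(r => r != "Admin").Select(r => new Claim(ClaimTypes.Role, r)));

        await HttpContext.SignInAsync(
            Scheme,
            new ClaimsPrincipal(new ClaimsIdentity(claims, Scheme)),
            new AuthenticationProperties
            {
                IsPersistent = false,                                   // session cookie only
                ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(30),      // short lifetime
            });

        _logger.LogWarning("Impersonation started: {Admin} is now acting as {Target}", adminName, target.Username);
        return RedirectToAction("Index", "Home");
    }

    // Return to the admin's own session. The admin's identity is rebuilt from the
    // OriginalUser claim plus a fresh directory lookup, so a revoked admin does not
    // get their privileges back just by stopping an impersonation.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Stop()
    {
        var original = User.FindFirst(ImpersonationClaims.OriginalUser)?.Value;
        if (original is null)
            return BadRequest();

        var admin = await _directory.FindByUsernameAsync(original);
        if (admin is null || !admin.Roles.Contains("Admin"))
        {
            await HttpContext.SignOutAsync(Scheme);
            return Forbid();
        }

        var claims = new List<Claim> { new(ClaimTypes.Name, admin.Username) };
        claims.AddRange(admin.Roles.Select(r => new Claim(ClaimTypes.Role, r)));
        await HttpContext.SignInAsync(Scheme, new ClaimsPrincipal(new ClaimsIdentity(claims, Scheme)));

        _logger.LogInformation("Impersonation ended: {Admin} stopped acting as {Target}", admin.Username, User.Identity!.Name);
        return RedirectToAction("Index", "Home");
    }
}
```

The LDAP bind from the question is never touched here: the directory only validated the admin's own password at login, and the application's cookie is what grants the impersonated identity, which is exactly the point the answer makes. Because `SignInAsync` replaces the cookie rather than adding a second one, anything downstream that reads `User.Identity.Name` sees the impersonated user, while the `OriginalUser` claim is what your audit logging should record alongside it.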