Authenticate as a different user and be able to logout again

(Soren Malling) #1

I’m building an administration panel for a callcenter, and they would like to be able to authenticate as a different Account (a Customer) to see what the user sees.

A little context
Currently a Customer authenticates and gets to the dashboard and a Callcenter supporter works from a backoffice, totally independent from the Dashboard.

I know that I can change the authenticated account by setting something like this (taken from the PersistedUsernamePasswordProvider class)


So, does a solution include a new and separate AuthenticationProvider that is being executed when a specially formed link is clicked and saves “who is authenticated as who” somewhere?

Any help is appreciated on this subject 🙂

(Marc Neuhaus) #2

Not sure if this still works, but should be a good start: 🙂

(Soren Malling) #3

Great example, thanks @mneuhaus 🙂 Is it considered safe to store such data in the session data?

(Peter Rauber) #4

@sorenmalling, what solution did you use in your project in the end?

(Soren Malling) #5

Haven’t gotten around to a solution yet. We still have some business logic to figure out. Since we can’t act on behalf of our customers in the system, I need to be able to know if it’s a simulated session or not, in order to disable functionality in the user interface and so on… And we have only had 2-3 cases where it was “nice to have”, but we solved it via TeamViewer screen sharing instead.

(Peter Rauber) #6

Thanks. I just estimated this feature for a customer project and during research I found your post. If the customer places the order for the feature I will post my chosen solution here.

Right now I think I will do it like @mneuhaus showed in his package.