Skip to main content

Sitecore: RunAs Different User for Admins

If you are working as a supporting partner for a Sitecore website, you may need to provide access to various content authors. In most of cases, content authors used to say “This item is not accessible”, “my account is having issues with accessing WFFM” etc… To support them and resolve the issue, you may need to request the user whether you can reset their account to check the issue. Once the issue is fixed, you need to ask them change their password.

RunAs module will help the admins to run the Sitecore Backend as like other user i.e. Run the content tree as a different user without their password. Seems to be a security violation!!! There is an option of sending alerts to the configured mail address and also to the defective account user email.

You can download the module here. Download the zip file as it is and install it using Installation Wizard.

Once the module is installed in the Sitecore, you can browse the RunAs page as below.

Following validations/alerts are in place:
  • Requestor should be a Sitecore admin user or should be part of “Sitecore RunAs” role.
  • Requestor account will be validated with their password.
  • Once logged in, a mail will be sent to the configured mail addresses and it can be sent to the impersonated user as well.

Login screen for the Run as different user. I used the same Sitecore login UI.

Requestor      : Admin or a user in “Sitecore RunAs” Role
Password       : Requestor Password
Run As           : User to be impersonated (use domain as well ex: Sitecore\user1)

Configurations: /App_Config/Include/Sitecore.SharedSource.RunAs.config
RunAsFromAddress                – From address used for sending mails
RunAsAdminEmailAddresses   – To addresses for sending mails

Sample Mail:
Run As - Audit Log

8/7/2013 8:01:07 PM

Run As
Requested By
Requested Url
IP Address
Machine Name

Popular posts from this blog

How to use SecurityDisabler and UserSwitcher in Sitecore v6.5 – 6

If current context user doesn’t have permission to access this item, Sitecore will return null or throw exception. 
Note: It is recommended to provide context user with appropriate rights than using SecurityDisabler or UserSwitcher.SecurityDisabler:  !SecurityDisabler will elevate the context user to have administrative privilegeand so context user will be able to do anythingon the Sitecore.SecurityModel.SecurityDisabler();UserSwitcher:UserSwitcher allows a segment of code to run under a specific user instead of current context user. new Sitecore.Security.Accounts.UserSwitcher(Sitecore.Security.Accounts.User.FromName("username",false));Sample Code        ///<summary>/// Code snippets explaining SecurityDisabler and UserSwitcher///</summary>privatevoid SecuritySample()        {//Getting Master Database            Sitecore.Data.Database masterDB = Sitecore.Configuration.Factory.GetDatabase("master");//Getting a Sitecore Item            Sitecore.…

How to access Sitecore Items in Code Behind (Sitecore v6.5) – 4

To get a Sitecore Content Item, use Sitecore.Data.Database.GetItem(Path)
­Sitecore Content Item Class: Sitecore.Data.Items.Item(Get Sitecore Item from “/sitecore/content/Home/myItem”)Sitecore.Data.Database master = Sitecore.Configuration.Factory.GetDatabase("master");Sitecore.Data.Items.Item myItem = master.GetItem("/sitecore/content/Home/myItem");If item does not exist or current context user doesn’t have permission to access this item, Sitecore will return null or throw exception. Case is Insensitive while using path to get the items.To get a Sitecore Template Item, use Sitecore.Data.Database.GetTemplate(ID)­Sitecore Template Item Class: Sitecore.Data.Items.TemplateItem(Get Template Item: Folder Template)Sitecore.Data.Items.TemplateItem item = master.GetTemplate(Sitecore.TemplateIDs.Folder);To get a Sitecore Media Item, use Sitecore.Data.Database.GetItem(Path)­Sitecore Media Item Class: Sitecore.Data.Items.MediaItem(Get Media Item from “/sitecore/content/Media Lib…

How to enable Single Sign On in Sitecore with Active Directory Users and Roles

(Assuming that reader has knowledge on Single Sign On)

Single sign on functionality needs the site not to be in anonymous authentication. In IIS, Basic or Windows authentication should be enabled.
How to enable windows authentication in IIS?
Single sign on functionality comes along with Active Directory Module from Sitecore. You can get the latest version from SDN. This module integrates AD to the Sitecore instance. This module needs the LDAP path and few provider configuration settings in web.config file.
SDN Link:
This module installs LDAP dll, configuration and few aspx pages. Once installed, we get the LDAP login page under /website/Sitecore/admin/ldaplogin.aspx. Along with that, we will be having few more roles in Sitecore.
sitecore\Sitecore Client Account Managing sitecore\Sitecore Client Authoring sitecore\Sitecore Client Configuring sitecore\Sitecore Client Designing sitecore\Sitecore Client Developing sitecore\Sitecore Client Forms Autho…