I have now solved this by doing an override of the existing functionality. Providing code here for others reference:
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Volo.Abp.Account.Web.ExtensionGrants;
using Volo.Abp.Data;
using Volo.Abp.DependencyInjection;
using Volo.Abp.Identity;
using Volo.Abp.MultiTenancy;
using Volo.Abp.OpenIddict.ExtensionGrantTypes;
namespace xxx.xxxxxx
{
public class ExtendedImpersonationExtensionGrant : ImpersonationExtensionGrant
{
protected IDataFilter _dataFilter { get; set; }
public override Task<IActionResult> HandleAsync(ExtensionGrantContext context)
{
_dataFilter = ServiceProviderServiceExtensions.GetRequiredService<IDataFilter>(context.HttpContext.RequestServices);
return base.HandleAsync(context);
}
protected async override Task<IActionResult> ImpersonateUserAsync(ExtensionGrantContext context, ClaimsPrincipal principal, Guid? tenantId, Guid userId)
{
if (!tenantId.HasValue && !this.currentTenant.IsAvailable)
{
IdentityUser foundUser = null;
using (_dataFilter.Disable<IMultiTenant>())
{
// host user
foundUser = await this.userManager.FindByIdAsync(userId.ToString());
}
if (foundUser != null) // impersonate directly into user in tenant!
{
return await base.ImpersonateUserAsync(context, principal, foundUser.TenantId, foundUser.Id);
}
}
return await base.ImpersonateUserAsync(context, principal, tenantId, userId);
}
protected async override Task<IActionResult> BackToImpersonatorAsync(ExtensionGrantContext context, ClaimsPrincipal principal, Guid? tenantId, Guid userId)
{
IdentityUser foundUser = null;
using (_dataFilter.Disable<IMultiTenant>())
{
// host user
foundUser = await this.userManager.FindByIdAsync(userId.ToString());
}
if (foundUser != null && !foundUser.TenantId.HasValue) // Possible to revert back to host user
{
return await base.BackToImpersonatorAsync(context, principal, foundUser.TenantId, foundUser.Id);
}
return await base.BackToImpersonatorAsync(context, principal, tenantId, userId);
}
}
}
this.Configure<AbpOpenIddictExtensionGrantsOptions>((Action<AbpOpenIddictExtensionGrantsOptions>)(options =>
{
options.Grants.Remove("Impersonation");
options.Grants.Add("Impersonation", (IExtensionGrant)new ExtendedImpersonationExtensionGrant());
}));
Then it works calling the following in Angular - and you can log in to a user under a tenent directly from a host and back again using standard functions:
this.impersonationService.impersonateUser(entity.id).subscribe((result) => {
this.toaster.success('::Logged in - please wait');
})
So the function impersonate in ImpersonationService that have tenantid and userid as parameters - this does not work?
I knew how to do this in Identity Server - but have no reference for Openiddict - do have no code for now! Just trying to use the impersonate function. And I can see that the call is made and that the payload is correct when looking at ImpersonateUser or ImpersonateTenant. But the server code somehow does not work correctly.
This is a major issue - cannot build anything right now! Currently using an older version 5.1.1 - and that does not work either:
error NU1103: Unable to find a stable package Volo.Abp.Identity.Pro.Domain with version (>= 5.1.1) [/src/src/Pinebits.xxxx.DbMigrator/Pinebits.xxxx.DbMigrator.csproj]
error NU1103: - Found 39 version(s) in ABP Commercial NuGet Source [ Nearest version: 6.0.0-preview20220525 ] [/src/src/Pinebits.xxxx.DbMigrator/Pinebits.xxxx.DbMigrator.csproj]
error NU1103: - Found 0 version(s) in nuget.org [/src/src/Pinebits.xxxx.DbMigrator/Pinebits.xxxx.DbMigrator.csproj]
error NU1103: - Found 0 version(s) in BlazoriseMyGet [/src/src/Pinebits.xxxx.DbMigrator/Pinebits.xxxx.DbMigrator.csproj]