Testing intranet site that uses Windows authentication

I'm trying to develop an intranet app/website that uses Windows authentication.

I'd like to test it with multiple users, for roles etc.

At the moment I'm only using开发者_运维问答 my own domain account. Is there a way I could simulate different users for the site?

As a picture is worth a thousand words here it goes how to do it in IE based on 2GDev's comment copied here for clarity:

Go to Internet Options => Security => Local Intranet => Custom Level and change the User Authentication to "Prompt for username and password"

Click OK then Apply. Close the browser. Reopen it and point it to the website's URL you want to debug. You should happily see the login prompt where you can login with a different User account to simulate concurrency for example (this is what I'm doing right now here):

When you use Windows Authentication you can change your identity by running the browser as another user.

In windows, go to the browser exe (or a shortcut), right-click on the icon and select "Run as.." from the menu. This will prompt you to specify the username and password to run the account under.

Provided the identity you specify has access to the machine you are running on, the browser will then be running "as" identity specified. If you browse to a site using Windows Authentication, it will authenticate using the identity specified, instead of your own.

Use Impersonation...

From MSDN

Impersonation

An ASP.NET application can use impersonation to perform operations and access resources with the security context of the authenticated client or of a specific Windows account.

And in your web.config

<identity impersonate="true" username="TestUser" password="P@ssw0rd" />

How about to install and run the Virtual PC with some ready for download installed systems from MS ?

By running a virtual pc on your computer you can emulate connections to your pc and at the same time, its looks like a diferent computer, with diferent Ip.

In my case, there are db tables with users and their properties. In users table got login field (Domain/UserName). Also got custom Identity and Principal, which using this table to authenticate user in global.asax autherticate_request method.

To simulate different users in debug mode, there is special control rendered in master page (or layout page for mvc). It contain select box with all users, and apply button.

On server side after apply button click in session pushed emulated user login and sending refresh to response.

So in next authenticate event occured checking for emulated user login in session and if it exists then authenticate continues based on emulateded login.

Bad side: need sync service to always have actual user table based on current AD.