We have several websites that use several different tech stacks that we would like to implement user impersonation, so an admin can login as a given user, see what they see, and be able to walk them through any issues they may be encountering.
We have developed an Azure B2C custom policy (based on the sample policy found here) that gives us the claims we need. We have an Angular app where we are able to call the policy, capture the claims, and inject the values into the app in such a way to accomplish what we want.
However, we also have an ASP.NET Core Web App that uses Razor pages, and even though we are able to call the impersonation policy in much the same way, the claims in the app do not update. We can see the correct id_token, as it comes back in a hash in the rerouted URL, but we don't know of any way to inject the claims from it back into the authenticated user of the web app.
Can anyone help us better understand how to accomplish what we're trying to do? I can provide more information as needed, but just a general idea of how to move forward would be appreciated. Thanks.
