Roles question for situation where a user can login as other users

Daniel noyn 1 Reputation point
2021-01-16T22:19:11.533+00:00

I am building an application (Blazor Serverside) where a user can join, get a membership (Customer) and then fill out information on various pages.

The other pathway is that they hire someone to do this for them (Pro) and that someone may ask them to login and fill out some of the information, or they may not ask this of them.

I want to have the Pro accounts be able to login as any of their clients, and also to create new accounts. (ProClient)

Since Pro is already logged in and verified I would like to allow Pro to just create accounts on behalf of the ProClient accounts and if they are so inclined they may send that person the login.

Additionally I would like to be able to have a regular user (Customer) be able to turn their account over to the Pro account by selecting (and paying) the one Pro they want.

With the exception of this arrangement all users are firewalled from each other.

My idea on how to do this is to give the super user the ability to hotswap between logins by clicking on a list of their ProClient.

The Roles are "Pro,ProClient,Customer"

This was not originally a requirement, but I happened to set it up like this so I wouldn't have to log in each time I wanted to test a different user configuration. Now I would like to do it for actual users in the way I did when I was just using it as a convenient method of testing.

So, my question is, is there a problem with this way of having one user handle many accounts?

This seems slightly less safe than normal because the Pro account is more of a security risk than typical, but that can be mitigated, such as by requiring an extra round of authentication. Does anyone see anything more wrong with it than this?

If so, what are the additional risks and how might I mitigate them?

Thanks,


1 answer

  1. Duane Arnold 3,211 Reputation points
    2021-01-18T20:55:59.63+00:00

    so, my question is, is there a problem with this way of having one user handle many accounts?

    Only the superuser should have all power and handle all subordinate accounts.

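One way to gate the account switch described in the question, as an added example that is not code from either poster: it checks the Pro role, that the target is one of that Pro's own clients, and that the extra round of authentication is recent, then records the real actor in the switched identity so audit logs can tell the Pro apart from the client. `ImpersonationGuard`, `IClientLinks`, the claim names and the five-minute window are all hypothetical.

```csharp
using System;
using System.Security.Claims;

// Hypothetical lookup: true only while proId manages clientId
// (the Pro created the account, or the Customer selected and paid this Pro).
public interface IClientLinks
{
    bool IsClientOf(string proId, string clientId);
}

public static class ImpersonationGuard
{
    public const string ActorClaim = "impersonator_id"; // assumed name: the Pro really at the keyboard
    public const string StepUpClaim = "step_up_at";     // assumed name: unix seconds of last re-authentication
    private static readonly TimeSpan StepUpWindow = TimeSpan.FromMinutes(5); // assumed policy

    public static ClaimsPrincipal SwitchTo(
        ClaimsPrincipal pro, string clientId, IClientLinks links, DateTimeOffset now)
    {
        var proId = pro.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (proId is null || !pro.IsInRole("Pro"))
            throw new UnauthorizedAccessException("Only a Pro may switch accounts.");

        // No chained switching: a principal that is already acting as a client must switch back first.
        if (pro.HasClaim(c => c.Type == ActorClaim))
            throw new UnauthorizedAccessException("Already acting as a client.");

        // Keep the firewall between users: the target must belong to this Pro, checked server-side.
        if (!links.IsClientOf(proId, clientId))
            throw new UnauthorizedAccessException("Target is not one of this Pro's clients.");

        // Extra round of authentication: must exist, not be in the future, and be recent.
        var stamp = pro.FindFirst(StepUpClaim)?.Value;
        if (!long.TryParse(stamp, out var secs))
            throw new UnauthorizedAccessException("Re-authentication required.");
        var age = now - DateTimeOffset.FromUnixTimeSeconds(secs);
        if (age < TimeSpan.Zero || age > StepUpWindow)
            throw new UnauthorizedAccessException("Re-authentication required.");

        // The switched identity carries the client's id plus the Pro's id as the actor.
        // Assumption: a handed-over Customer is treated as ProClient while the Pro acts for it.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.NameIdentifier, clientId),
            new Claim(ClaimTypes.Role, "ProClient"),
            new Claim(ActorClaim, proId),
        }, authenticationType: "Impersonation");
        return new ClaimsPrincipal(identity);
    }
}
```

Anything that writes data or an audit record can read `ActorClaim` from the current principal to log which Pro performed the action on the client's behalf.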