Difference between accessing authentication info


TS

In these 2 snippets, "user" references 2 different things in my app:
-------------------------------------------------
Dim ident As System.Security.Principal.WindowsIdentity = _
    System.Security.Principal.WindowsIdentity.GetCurrent()
Dim User As New System.Security.Principal.WindowsPrincipal(ident)
&

HttpContext.Current.User
-------------------------------------------------

I'm using impersonation, and the first snippet's user.identity.name is the
name of my impersonated account. In the 2nd snippet, the user.identity.name
is my Windows logged-on account.

I have impersonation on, but if I didn't, I guess the first snippet's
user.identity.name would point to the ASPNET worker process, or would it
mimic the 2nd code snippet?

Then we have System.Threading.Thread.CurrentPrincipal.Identity, which seems
to always point to the Windows logged-on account.

Can you please decipher these different forms of querying?

Thanks
 
Hi TS,

As for the difference between
System.Security.Principal.WindowsIdentity.GetCurrent(),
System.Threading.Thread.CurrentPrincipal.Identity
and HttpContext.Current.User:

Here is my understanding:
1. System.Security.Principal.WindowsIdentity.GetCurrent() will return
the user the code is currently executing as. In ASP.NET I think it'll be the
account that the worker process is acting as. That's why, when we use
impersonation, it'll return the account we impersonated; if not, it'll return
the ASP.NET worker process account (machine\aspnet in IIS5 by default).

2. System.Threading.Thread.CurrentPrincipal represents the .NET role-based
IPrincipal object of the current thread. It can be of different types
such as GeneralPrincipal, WindowsPrincipal or FormsPrincipal; it all
depends on the PrincipalPolicy of the application's AppDomain. Here is the
reference in MSDN:

#PrincipalPolicy Enumeration
http://msdn.microsoft.com/library/en-us/cpref/html/frlrfSystemSecurityPrincipalPrincipalPolicyClassTopic.asp?frame=true

3. HttpContext.Current.User is in fact a particular version of
System.Threading.Thread.CurrentPrincipal. Because in ASP.NET every request
is processed by a single worker thread, HttpContext.Current.User is
just the current worker thread's IPrincipal object, just like
System.Threading.Thread.CurrentPrincipal. You can print out the properties
of both to check. Also, in ASP.NET, if we don't use Windows
Authentication in web.config, we can have FormsPrincipal/FormsIdentity or
GenericPrincipal/GeneralIdentity, which can help implement custom role-based
security.

Here are some further resources on ASP.NET's security:
#ASP.NET Authentication
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconaspnetauthentication.asp?frame=true

#ASP.NET Web Application Security
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconaspnetwebapplicationsecurity.asp?frame=true

Hope this also helps. Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx
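
Added example, not code from either poster: a VB.NET helper that reports the three identity sources discussed in this thread side by side and flags the case from the question, where the OS-level account differs from the request's authenticated user. `IdentityReport` and `Describe` are hypothetical names, and the code assumes it is called inside an ASP.NET request.

```vbnet
Imports System
Imports System.Security.Principal
Imports System.Text
Imports System.Threading
Imports System.Web

' Added example: IdentityReport and its members are hypothetical names.
Public Module IdentityReport

    ' Appends one line describing a principal's identity, or "(none)".
    Private Sub AppendPrincipal(ByVal sb As StringBuilder, ByVal source As String, ByVal p As IPrincipal)
        If p Is Nothing OrElse p.Identity Is Nothing Then
            sb.AppendLine(source & ": (none)")
            Return
        End If
        Dim id As IIdentity = p.Identity
        sb.AppendLine(String.Format("{0}: {1} Name='{2}' AuthType='{3}' IsAuthenticated={4}", _
            source, p.GetType().Name, id.Name, id.AuthenticationType, id.IsAuthenticated))
    End Sub

    Public Function Describe(ByVal ctx As HttpContext) As String
        Dim sb As New StringBuilder()

        ' OS security token of the executing thread (the first snippet in the question).
        Dim osIdentity As WindowsIdentity = WindowsIdentity.GetCurrent()
        AppendPrincipal(sb, "WindowsIdentity.GetCurrent()", New WindowsPrincipal(osIdentity))

        ' Role-based principal attached to the managed thread.
        AppendPrincipal(sb, "Thread.CurrentPrincipal", Thread.CurrentPrincipal)

        ' Principal ASP.NET attached to this request; Nothing before authentication runs.
        Dim requestUser As IPrincipal = Nothing
        If ctx IsNot Nothing Then requestUser = ctx.User
        AppendPrincipal(sb, "HttpContext.User", requestUser)

        ' Flag the case from the question: the OS account differs from the request user.
        If requestUser IsNot Nothing AndAlso requestUser.Identity IsNot Nothing AndAlso _
           requestUser.Identity.IsAuthenticated AndAlso _
           Not String.Equals(osIdentity.Name, requestUser.Identity.Name, StringComparison.OrdinalIgnoreCase) Then
            sb.AppendLine("Mismatch: role checks see '" & requestUser.Identity.Name & _
                "', OS resource access runs as '" & osIdentity.Name & "'.")
        End If
        Return sb.ToString()
    End Function
End Module
```

Writing `Server.HtmlEncode(IdentityReport.Describe(Context))` into a page's response, once with impersonation enabled in web.config and once without, shows which of the three values change.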
 
