Updated ShowContexts and Request.LogonUserIdentity

In ASP.NET you have to juggle with a number of identities, e.g.

  • The account of the worker process
  • The account of the client (= Context.User / Thread.CurrentPrincipal)
  • The Thread identity (when client/application impersonation is used)
  • The outcome of IIS authentication (used by the FileAuthorizationModule)

This can be confusing, e.g. when IIS is set to anonymous, but ASP.NET <authentication> is set to Windows (the default), you may wonder why the IUSR_ account needs read access to the .aspx files. This is because the FileAuthorizationModule uses the the security context that resulted from IIS authentication to check if the user is authorized.

In ASP.NET 2.0 you can now access this identity, too. It is stored in Request.LogonUserIdentity. So if you should need to impersonate the account that is set in IIS for anonymous access, this is now easily possible. I have updated the ShowContext.aspx helper, to show you all four identities. Nice for troubleshooting.

ShowContexts2.zip (1.24 KB)


This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s