IIS Authentication vs. WindowsIdentity

Discussion in 'ASP .Net Security' started by Steve Lynch, Sep 2, 2006.

  1. Steve Lynch

    Steve Lynch Guest

    Why do I get different results from WindowsIdentity.GetCurrent().Name than what
    is defined for authentication on the IIS virtual directory? For example in IIS6
    I have the VD set to Windows Integrated Authentication only, yet the property
    WindowsIdentity.GetCurrent().Name or WindowsIdentity.GetCurrent(false).Name
    contains "NT AUTHORITY\NetworkService". The server variables seem wrong,
    AUTH_USER and REMOTE_USER are empty, but LOGON_USER contains the correct
    DOMAIN\USER info.

    This seems different than traditional .ASP pages under IIS6.

    Thanks.
    Steve Lynch, Sep 2, 2006
    #1
    1. Advertising

  2. Steve Lynch

    Joe Kaplan Guest

    Context.User will always contain the authenticated user in ASP.NET.
    Context.User is just an IPrincipal (which can be a WindowsPrincipal), so
    that it can accomodate other types of authentiation mechanisms like Forms
    and such.

    WindowsIdentity.GetCurrent will only be the authenticated user in IIS if you
    enable impersonation (<identity impersonate="true"/> in web.config).
    Impersonation is disabled by default in ASP.NET. This is different from
    ASP, which always impersonated and gave you no flexibility in this regard.

    If you enable impersonation, Context.User.Identity and
    WindowsIdentity.GetCurrent will be the same thing (assuming you are using
    Windows auth in ASP.NET and IIS of course).

    HTH,

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    "Steve Lynch" <> wrote in message
    news:...
    >
    > Why do I get different results from WindowsIdentity.GetCurrent().Name than
    > what is defined for authentication on the IIS virtual directory? For
    > example in IIS6 I have the VD set to Windows Integrated Authentication
    > only, yet the property WindowsIdentity.GetCurrent().Name or
    > WindowsIdentity.GetCurrent(false).Name contains "NT
    > AUTHORITY\NetworkService". The server variables seem wrong, AUTH_USER and
    > REMOTE_USER are empty, but LOGON_USER contains the correct DOMAIN\USER
    > info.
    >
    > This seems different than traditional .ASP pages under IIS6.
    >
    > Thanks.
    >
    >
    Joe Kaplan, Sep 2, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Kevin Burton

    WindowsPrincipal and WindowsIdentity.

    Kevin Burton, Jan 7, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    7,388
    bruce barker
    Jan 8, 2004
  2. Razak
    Replies:
    8
    Views:
    890
    Razak
    Jul 27, 2004
  3. =?ISO-8859-1?Q?J=F6rn_von_Holten?=

    WindowsIdentity... ASP.NET and Remoting

    =?ISO-8859-1?Q?J=F6rn_von_Holten?=, Apr 13, 2005, in forum: ASP .Net
    Replies:
    0
    Views:
    605
    =?ISO-8859-1?Q?J=F6rn_von_Holten?=
    Apr 13, 2005
  4. Niclas Lindblom

    get WindowsIdentity with forms authentication

    Niclas Lindblom, Oct 10, 2003, in forum: ASP .Net Security
    Replies:
    7
    Views:
    424
    MS Newsgroups
    Oct 14, 2003
  5. Peter Larsen [CPH]

    IIS 7 and WindowsIdentity

    Peter Larsen [CPH], Jul 27, 2010, in forum: ASP .Net Security
    Replies:
    13
    Views:
    3,286
    Jerry Weng
    Aug 4, 2010
Loading...

Share This Page