IIS Authentication vs. WindowsIdentity

Discussion in 'ASP .Net Security' started by Steve Lynch, Sep 2, 2006.

  1. Steve Lynch

    Steve Lynch Guest

    Why do I get different results from WindowsIdentity.GetCurrent().Name than what
    is defined for authentication on the IIS virtual directory? For example in IIS6
    I have the VD set to Windows Integrated Authentication only, yet the property
    WindowsIdentity.GetCurrent().Name or WindowsIdentity.GetCurrent(false).Name
    contains "NT AUTHORITY\NetworkService". The server variables seem wrong,
    AUTH_USER and REMOTE_USER are empty, but LOGON_USER contains the correct
    DOMAIN\USER info.

    This seems different than traditional .ASP pages under IIS6.

    Steve Lynch, Sep 2, 2006
    1. Advertisements

  2. Steve Lynch

    Joe Kaplan Guest

    Context.User will always contain the authenticated user in ASP.NET.
    Context.User is just an IPrincipal (which can be a WindowsPrincipal), so
    that it can accomodate other types of authentiation mechanisms like Forms
    and such.

    WindowsIdentity.GetCurrent will only be the authenticated user in IIS if you
    enable impersonation (<identity impersonate="true"/> in web.config).
    Impersonation is disabled by default in ASP.NET. This is different from
    ASP, which always impersonated and gave you no flexibility in this regard.

    If you enable impersonation, Context.User.Identity and
    WindowsIdentity.GetCurrent will be the same thing (assuming you are using
    Windows auth in ASP.NET and IIS of course).


    Joe K.
    Joe Kaplan, Sep 2, 2006
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.