problems understanding Authentication / Authorisation in ASP.NET 2.0.


C

cmrchs

hello,

I have problems understanding Authentication / Authorisation in
ASP.NET 2.0.

I have a simple WhoAmI.aspx page

protected void Page_Load(object sender, EventArgs e)
{
if (User.Identity.IsAuthenticated)
lblAuthentication.Text = "Authenticated user: " +
User.Identity.Name;
else
lblAuthentication.Text = "User not authenticated.
Anonymous access";

lblIdentity.Text = "Windows identity: " +
WindowsIdentity.GetCurrent().Name;
} // Page_Load()


Settings in web.config are as follows:

<authentication mode="Windows" />
<identity impersonate="false" />

<authorization>
<allow users="*" />
</authorization>

IIS 7.0 has Anonymous Authentication enabled

I log in as Chris (administrator of the machine), and browsing to the
page the output is:

Authenticated user: MyPC\Chris
Windows identity: MyPC\Chris


Additionally checking for
_windowsPrincipal.IsInRole(WindowsBuiltInRole.Administrator)
i get TRUE


Then, I create a new administrator user called 'Bob'
I am using Windows Vista Home Premium so I can switch to user Bob and
when browsing to the same page i get a completely different result
namely:

User not authenticated. Anonymous access
Windows identity: NT AUTHORITY\NETWORK

how come???

Checking for
_windowsPrincipal.IsInRole(WindowsBuiltInRole.Administrator)
i get FALSE ???

what is happening here?

thank you
Chris
 
Ad

Advertisements


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top