A sample aspx page to show the security details
This is a pretty small sample to help you figure out the ASP.NET identity matrix and how it takes effect. I am posting this since quite often we need to troubleshoot security-related issues on a production website, where making any application-level changes is really difficult.
What you can do instead is create a sample page called SecurityTest.aspx in the virtual directory where you are having security-related issues and paste in the following code:
<%@ Page Language="VB" %>
<%@ Import Namespace="System.Text" %>
<%-- Diagnostic page: it prints account names, so delete it once troubleshooting is done. --%>
<script runat="server">
    ' Writes the three identities ASP.NET tracks for the current request.
    Protected Sub btnShowInfo_Click(ByVal sender As Object, ByVal e As System.EventArgs)
        Dim strInformation As New StringBuilder()
        Try
            ' HTML-encode every name before it is written into the response.
            strInformation.Append("Http Context = " & Server.HtmlEncode(GetHTTPContext()) & "<BR>")
            strInformation.Append("Windows Identity = " & Server.HtmlEncode(GetWindowsIdentity()) & "<BR>")
            strInformation.Append("Thread Information = " & Server.HtmlEncode(GetThreadInformation()) & "<BR>")
            Response.Write(strInformation.ToString())
        Catch ex As Exception
            Response.Write(Server.HtmlEncode(ex.Message))
        End Try
    End Sub

    ' The authenticated web client for the current request.
    Private Function GetHTTPContext() As String
        Return HttpContext.Current.User.Identity.Name
    End Function

    ' The security context of the currently executing Win32 thread.
    Private Function GetWindowsIdentity() As String
        Return System.Security.Principal.WindowsIdentity.GetCurrent().Name
    End Function

    ' The principal of the currently executing .NET thread.
    Private Function GetThreadInformation() As String
        Return System.Threading.Thread.CurrentPrincipal.Identity.Name
    End Function
</script>
<html>
<head runat="server">
    <title>.NET Security Demo</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <asp:Button ID="btnShowInfo" runat="server" Text="Show Information" OnClick="btnShowInfo_Click" />
        <BR><HR>
        <B><U>HttpContext</U></B> = HttpContext.Current.User, which returns an IPrincipal object that contains security information for the current web request. This is the authenticated Web client.<BR>
        <B><U>WindowsIdentity</U></B> = WindowsIdentity.GetCurrent(), which returns the identity of the security context of the currently executing Win32 thread.<BR>
        <B><U>Thread</U></B> = Thread.CurrentPrincipal, which returns the principal of the currently executing .NET thread which rides on top of the Win32 thread.<BR>
        <HR>
        <A href="https://msdn2.microsoft.com/en-us/library/aa302377.aspx">Read about the Security Identity Matrix</A><BR>
        <A href="https://msdn2.microsoft.com/en-us/library/aa302376.aspx">How does IIS &amp; ASP.NET Processing work</A>!
    </div>
    </form>
</body>
</html>
You can change your web.config file, setting impersonation to true/false and the authentication mode to Windows/Forms etc., and see what your identity matrix looks like. This sample comes in pretty handy when I need to show some ASP.NET security-related stuff to anyone.
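The combinations mentioned above, written out as a web.config sketch. This is an added example, not part of the original post: the expected values in the comments follow from what each of the three properties returns, and DOMAIN\user is a placeholder.

```xml
<!-- Constructed example: web.config in the virtual directory that holds SecurityTest.aspx.
     Only one combination can be active at a time; swap in a variant from the comments below,
     reload the page and click "Show Information". DOMAIN\user is a placeholder. -->
<configuration>
  <system.web>
    <!-- Active combination: Windows authentication, impersonation off.
         With IIS requiring Integrated Windows authentication, expect:
           Http Context       = DOMAIN\user
           Windows Identity   = the worker process account
           Thread Information = DOMAIN\user
         Code, file and database access run as the process account, not the caller. -->
    <authentication mode="Windows" />
    <identity impersonate="false" />

    <!-- Variant 1: keep mode="Windows", set <identity impersonate="true" />.
           Windows Identity becomes DOMAIN\user, so all three lines match.
         If IIS allows anonymous access instead, Http Context and Thread Information
         are empty and Windows Identity is the IIS anonymous account. -->

    <!-- Variant 2: <authentication mode="Forms" /> with impersonate="false".
           Http Context and Thread Information show the forms login name once the
           user has signed in (empty before that); Windows Identity stays the
           worker process account, because a forms login is not a Windows token. -->
  </system.web>
</configuration>
```

A Windows Identity line that shows an unexpected account is usually the quickest pointer to why a file, share or database ACL is rejecting the request.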
Read about the Security Identity Matrix
How does IIS & ASP.NET Processing work!
Hope this helps!
Rahul
Comments
Anonymous
February 19, 2007
PingBack from http://mhinze.com/links-for-2007-02-14/
Anonymous
April 28, 2007
Rahul - Nice post! You may find useful my series of posts on the same subject with how-to, including tshoot using monitoring tools http://blogs.msdn.com/alikl/archive/2007/04/11/authentication-hub.aspx Enjoy Alik
Anonymous
May 08, 2007
Hello! Great site! I've found a lot information here. I don't know how to thank you. I hope you'll be writing more and more. Thank you again. Bye.
Anonymous
May 09, 2007
Hello! Very interesting. Thank you.
Anonymous
November 12, 2009
Please give C# code :)
Anonymous
November 12, 2009
I have posted it here long back Amit, http://www.dotnetscraps.com/dotnetscraps/post/Sample-ASPX-page-to-show-security-details-in-ASPNET.aspx HTH