IT:AD:ASP.NET:Win Forms:Authentication
Summary
Process
Taking the following:
WindowsIdentity windowsIdentity = WindowsIdentity.GetCurrent();
IServiceProvider serviceProvider = HttpContext.Current;
HttpWorkerRequest httpWorkerRequest =
serviceProvider.GetService(typeof(HttpWorkerRequest)) as HttpWorkerRequest;
IntPtr ptrUserToken = httpWorkerRequest.GetUserToken();
WindowsIdentity handlerWinIdentity = new WindowsIdentity(ptrUserToken);
string result = string.Format(
@"Handler Identity:{1} ({2}){0}Process:{3} ({4}){0}Page:{5}({6}){0}Thread:{7}({8}){0}",
"<br/>",
handlerWinIdentity.Name,
handlerWinIdentity.GetType(),
WindowsIdentity.GetCurrent().Name,
WindowsIdentity.GetCurrent().GetType(),
Page.User.Identity.Name,
Page.User.Identity.GetType(),
Thread.CurrentPrincipal.Identity.Name ,
Thread.CurrentPrincipal.Identity.GetType()
);
The results will be:
In Cassini
Handler Identity:DEV\Ciel (System.Security.Principal.WindowsIdentity) Process:DEV\Ciel (System.Security.Principal.WindowsIdentity) Page:DEV\Ciel(System.Security.Principal.WindowsIdentity) Thread:DEV\Ciel(System.Security.Principal.WindowsIdentity)
That's cause by default Cassini is weird, and runs unders windows auth, as you.
Anonymous Authentication
Handler Identity:NT AUTHORITY\IUSR (System.Security.Principal.WindowsIdentity) Process:DEV\NAB_WebService (System.Security.Principal.WindowsIdentity) Page:(System.Security.Principal.WindowsIdentity) Thread:(System.Security.Principal.WindowsIdentity)
The handler's set to IUSR because IIS's Authentication/Anonymous settings are set to use IUSR for Anonymous (You can configure this to be any account you want).
Notice also that Page and Thread are empty. Because it is not authenticated.
Basic Authentication
If you turn on authentication of some kind, such as Basic (note that IIS7 does not have Basic installed by default…you have to do that first) and launch ie as CORP\Me:
Handler Identity:CORP\Me (System.Security.Principal.WindowsIdentity) Process:CORP\AP (System.Security.Principal.WindowsIdentity) Page:CORP\Me(System.Security.Principal.WindowsIdentity) Thread:CORP\Me (System.Security.Principal.WindowsIdentity)
Notice Page identity and thread are set.
Windows Authentication
If you turn on authentication of some kind, and launch ie as CORP\Me:
Handler Identity:CORP\Me (System.Security.Principal.WindowsIdentity) Process:CORP\AP (System.Security.Principal.WindowsIdentity) Page:CORP\Me(System.Security.Principal.WindowsIdentity) Thread:CORP\Me (System.Security.Principal.WindowsIdentity)
Notice Page identity and thread are set.
Impersonation
Whether authenticated by Basic or Windows, the Process id is the AppPool's, until you set impersonation to true (and deal with the warning, that is solved by http://learn.iis.net/page.aspx/381/aspnet-20-breaking-changes-on-iis/).
At which point, it gets changed to:
Handler Identity:CORP\Me (System.Security.Principal.WindowsIdentity) Process:CORP\Me (System.Security.Principal.WindowsIdentity) Page:CORP\Me(System.Security.Principal.WindowsIdentity) Thread:CORP\Me(System.Security.Principal.WindowsIdentity)
Notice that the Handler's identity is now equal to the End User's.
Note: I could not get authorized using Kernel Mode=OFF. A Gareth B. question probably.
Form Authentication
See post.