Sample ASPX page to show security details in ASP.NET

This may come in handy if you are trying to troubleshoot security-related issues in ASP.NET. All you have to do is create a page (say security.aspx) and open it up in Notepad. Paste the following code, and you should be good.

<%@ Page Language="C#" %>  
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">  
<script runat="server">  
protected void btnShowInfo_Click(object sender, EventArgs e)  
{
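  StringBuilder strInformation = new StringBuilder();
  try
  {
    strInformation.Append("");
    // Identity names are HTML-encoded before they are written into the response.
    strInformation.Append("Http Context = " + Server.HtmlEncode(GetHTTPContext()) + "<BR>");
    strInformation.Append("Windows Identity = " + Server.HtmlEncode(GetWindowsIdentity()) + "<BR>");
    strInformation.Append("Thread Information = " + Server.HtmlEncode(GetThreadInformation()) + "<BR>");
    Response.Write(strInformation.ToString());
  }
  catch (Exception ex)
  {
    // The message and stack trace are shown for troubleshooting, HTML-encoded.
    Response.Write(Server.HtmlEncode(ex.Message) + "<BR>" + Server.HtmlEncode(ex.StackTrace));
  }
  finally
  {
    strInformation = null;
  }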
}
private string GetHTTPContext()  
{
  return(HttpContext.Current.User.Identity.Name);
}
private string GetWindowsIdentity()  
{
 return(System.Security.Principal.WindowsIdentity.GetCurrent().Name);
}
private string GetThreadInformation()  
{
  return (System.Threading.Thread.CurrentPrincipal.Identity.Name);
}
</script>  
<html xmlns="http://www.w3.org/1999/xhtml">  
<head id="Head1" runat="server">  
<title>.NET Security Demo</title>  
</head>  
<body>  
<form id="form1" runat="server">  
<div>  
<asp:Button ID="btnShowInfo" runat="server" Text="Show Information"  
onclick="btnShowInfo_Click" />  
<BR><HR><B><U>HttpContext</U></B>= HttpContext.Current.User, which returns an IPrincipal object that contains security information for the current web request. This is the authenticated Web client.  
<BR><B><U>WindowsIdentity</U></B> = WindowsIdentity.GetCurrent(), which returns the identity of the security context of the currently executing Win32 thread.  
<BR><B><U>Thread</U></B> = Thread.CurrentPrincipal which returns the principal of the currently executing .NET thread which rides on top of the Win32 thread.  
<BR><HR><A href="http://msdn2.microsoft.com/en-us/library/aa302377.aspx">Read about the Security Identity Matrix</A>  
<BR><A href="http://msdn2.microsoft.com/en-us/library/aa302376.aspx">How does IIS &amp; ASP.NET Processing work</A>!  
</div>  
</form>  
</body>  
</html>  

Let’s take a look at a sample output when you have identity impersonate = false (for a web site with Anonymous authentication in IIS 6)...

[Screenshot: Impersonate = false]

Just changing the impersonate to true changes the account to...

[Screenshot: Impersonate = true]
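The three identities described in the page, plus a direct check of whether the request thread is impersonating, can also be collected in one helper. This is an added example, not code from the original post; the class name `IdentityReport` and its methods are hypothetical, and the restriction to local requests is an assumption about how such a diagnostic page should be exposed.

```csharp
using System.Security.Principal;
using System.Text;
using System.Threading;
using System.Web;

// Hypothetical helper (not part of the original page).
public static class IdentityReport
{
    public static string Build(HttpContext context)
    {
        // Account names are sensitive: answer requests from the local machine only.
        if (!context.Request.IsLocal)
            return "Identity diagnostics are available from the local machine only.";

        StringBuilder sb = new StringBuilder();
        IPrincipal webUser = context.User;               // authenticated web client
        IPrincipal threadUser = Thread.CurrentPrincipal; // principal of the .NET thread
        AppendRow(sb, "HttpContext.User", webUser == null ? null : webUser.Identity.Name);
        AppendRow(sb, "Thread.CurrentPrincipal", threadUser == null ? null : threadUser.Identity.Name);

        // Security context of the executing Win32 thread (process token, or the
        // impersonation token when impersonate is enabled).
        using (WindowsIdentity effective = WindowsIdentity.GetCurrent())
        {
            AppendRow(sb, "WindowsIdentity", effective.Name);
            AppendRow(sb, "Authentication type", effective.AuthenticationType);
            AppendRow(sb, "Token impersonation level", effective.ImpersonationLevel.ToString());
        }

        // GetCurrent(true) returns null unless the thread carries an impersonation token.
        using (WindowsIdentity impersonated = WindowsIdentity.GetCurrent(true))
        {
            AppendRow(sb, "Thread is impersonating", impersonated == null ? "no" : "yes");
        }
        return sb.ToString();
    }

    // Writes one "label = value" row; both parts are HTML-encoded.
    private static void AppendRow(StringBuilder sb, string label, string value)
    {
        string shown = string.IsNullOrEmpty(value) ? "(empty: anonymous or unauthenticated)" : value;
        sb.Append(HttpUtility.HtmlEncode(label)).Append(" = ")
          .Append(HttpUtility.HtmlEncode(shown)).Append("<br />");
    }
}
```

Placed in App_Code, it can be called from the button handler with `Response.Write(IdentityReport.Build(Context));`.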

Read about the Security Identity Matrix
How does IIS & ASP.NET Processing work

Hope this helps!
Rahul

Rahul Soni
