Sample ASPX page to show security details in ASP.NET

This may come in handy if you are trying to troubleshoot security related issues in ASP.NET. All you have to do is create a page (say security.aspx) and open it up in Notepad. Paste the following code, and you should be good.

<%@ Page Language="C#" %>  
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "">  
<script runat="server">  
protected void btnShowInfo_Click(object sender, EventArgs e)  
  StringBuilder strInformation = new StringBuilder();
    strInformation.Append("Http Context = " + GetHTTPContext() + "<BR>");
    strInformation.Append("Windows Identity = " +   GetWindowsIdentity() + "<BR>");
    strInformation.Append("Thread Information = " + GetThreadInformation() + "<BR>");
  catch (Exception ex)
    Response.Write(ex.Message + "<BR>" + ex.StackTrace);
    strInformation = null;
private string GetHTTPContext()  
private string GetWindowsIdentity()  
private string GetThreadInformation()  
  return (System.Threading.Thread.CurrentPrincipal.Identity.Name);
<html xmlns="">  
<head id="Head1" runat="server">  
<title>.NET Security Demo</title>  
<form id="form1" runat="server">  
<asp:Button ID="btnShowInfo" runat="server" Text="Show Information"  
onclick="btnShowInfo_Click" />  
<BR><HR><B><U>HttpContext</U></B>= HttpContext.Current.User, which returns an IPrincipal object that contains security information for the current web request. This is the authenticated Web client.  
<BR><B><U>WindowsIdentity</B></U> = WindowsIdentity.GetCurrent(), which returns the identity of the security context of the currently executing Win32 thread.  
<BR><B><U>Thread</U></B> = Thread.CurrentPrincipal which returns the principal of the currently executing .NET thread which rides on top of the Win32 thread.  
<BR><HR><A href="">Read about the Security Identity Matrix</A>  
<BR><A href="">How does IIS & ASP.NET Processing work</a>!  

Let’s take a look at a sample output when you have identity impersonate = false (for a web site with Anonymous authentication in IIS 6)...

Impersonate = false Just changing the impersonate to true changes the account to..

Impersonate = true

Read about the Security Identity Matrix
How does IIS & ASP.NET Processing work

Hope this helps!

What next?

Well, stay tuned for upcoming articles. Say hi, share this article, leave a comment or Subscribe now to stay updated through our newsletter. Also, check out our services or contact us at for your software and consultancy requirements.


Rahul Soni

⌘⌘ Entrepreneur. Author. Geek. ⌘⌘

Kolkata, India

Subscribe to Attosol

Get the latest posts delivered right to your inbox.

or subscribe via RSS with Feedly!