Sample ASPX page to show security details in ASP.NET

by rahul 4/5/2009 9:50:40 AM

This may come in handy if you are trying to troubleshoot security-related issues in ASP.NET. I had this page posted here, but it was in VB.NET and I have been experiencing some issues with my previous blog site, so I am cross-posting it here in C# for future reference. All you have to do is create a page (say security.aspx) and open it up in Notepad. Paste the following code, and you should be good.

 

<%@ Page Language="C#" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">
    protected void btnShowInfo_Click(object sender, EventArgs e)
    {
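        StringBuilder strInformation = new StringBuilder();
        try
        {
            // Identity names can contain user-supplied text (e.g. a forms login name),
            // so HTML-encode each value before writing it to the response.
            strInformation.Append("Http Context = " + Server.HtmlEncode(GetHTTPContext()) + "<BR>");
            strInformation.Append("Windows Identity = " + Server.HtmlEncode(GetWindowsIdentity()) + "<BR>");
            strInformation.Append("Thread Information = " + Server.HtmlEncode(GetThreadInformation()) + "<BR>");
            Response.Write(strInformation);

        }
        catch (Exception ex)
        {
            // Diagnostic page: show the error, encoded so it renders as text.
            Response.Write(Server.HtmlEncode(ex.Message) + "<BR>" + Server.HtmlEncode(ex.StackTrace));
        }
        finally
        {
            strInformation = null;
        }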
    }

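    // The authenticated web client for the current request (empty for anonymous).
    private string GetHTTPContext()
    {
        return(HttpContext.Current.User.Identity.Name);
    }

    // The Windows account of the currently executing Win32 thread.
    private string GetWindowsIdentity()
    {
        return(System.Security.Principal.WindowsIdentity.GetCurrent().Name);
    }

    // The principal attached to the currently executing .NET thread.
    private string GetThreadInformation()
    {
        return (System.Threading.Thread.CurrentPrincipal.Identity.Name);
    }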
    
</script>

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1" runat="server">
    <title>.NET Security Demo</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <asp:Button ID="btnShowInfo" runat="server" Text="Show Information" 
            onclick="btnShowInfo_Click" />
        <BR><HR><B><U>HttpContext</U></B>= HttpContext.Current.User, which returns an IPrincipal object that contains security information for the current web request. This is the authenticated Web client. 
        <BR><B><U>WindowsIdentity</U></B> = WindowsIdentity.GetCurrent(), which returns the identity of the security context of the currently executing Win32 thread. 
        <BR><B><U>Thread</U></B> = Thread.CurrentPrincipal which returns the principal of the currently executing .NET thread which rides on top of the Win32 thread.
        <BR><HR><A href="http://msdn2.microsoft.com/en-us/library/aa302377.aspx">Read about the Security Identity Matrix</A>
        <BR><A href="http://msdn2.microsoft.com/en-us/library/aa302376.aspx">How does IIS &amp; ASP.NET Processing work</A>!
    </div>
    </form>
</body>
</html>

 

Let’s take a look at a sample output when you have identity impersonate = false (for a web site with Anonymous authentication in IIS 6)…

[Screenshot: sample output with impersonate = false]

Just changing the impersonate to true changes the account to…

[Screenshot: sample output with impersonate = true]
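To see more than the account name when comparing the two settings, the page below is an added example (not part of the original post) that reports the authentication type and authenticated flag for each of the three identities and whether the thread carries an impersonation token. It refuses non-local requests because the output names service accounts; the file name `identity-detail.aspx`, the `Describe` helper and the `litReport` control are assumptions for illustration.

```csharp
<%@ Page Language="C#" %>
<%@ Import Namespace="System.Text" %>
<%@ Import Namespace="System.Threading" %>
<%@ Import Namespace="System.Security.Principal" %>

<script runat="server">
    // Added example (hypothetical identity-detail.aspx), not the original author's code.
    protected void Page_Load(object sender, EventArgs e)
    {
        // The report names the worker-process account, so serve it to local requests only.
        if (!Request.IsLocal)
            throw new HttpException(404, "Not found");

        StringBuilder report = new StringBuilder();
        report.Append(Describe("HttpContext.Current.User", HttpContext.Current.User.Identity));
        report.Append(Describe("Thread.CurrentPrincipal", Thread.CurrentPrincipal.Identity));

        using (WindowsIdentity current = WindowsIdentity.GetCurrent())
        {
            report.Append(Describe("WindowsIdentity.GetCurrent()", current));
        }

        // GetCurrent(true) returns null unless the thread is impersonating,
        // which is what <identity impersonate="true" /> switches on.
        using (WindowsIdentity impersonated = WindowsIdentity.GetCurrent(true))
        {
            report.Append("Thread is impersonating = " + (impersonated != null) + "<br />");
        }
        litReport.Text = report.ToString();
    }

    // Hypothetical helper: one HTML-encoded line per identity.
    private string Describe(string source, IIdentity identity)
    {
        string name = string.IsNullOrEmpty(identity.Name) ? "(anonymous)" : identity.Name;
        return Server.HtmlEncode(source + ": Name = " + name
            + ", IsAuthenticated = " + identity.IsAuthenticated
            + ", AuthenticationType = " + identity.AuthenticationType) + "<br />";
    }
</script>

<html>
<body>
    <asp:Literal ID="litReport" runat="server" />
</body>
</html>
```

Browse to the page on the server itself and remove it once troubleshooting is done.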

 

Read about the Security Identity Matrix

How does IIS & ASP.NET Processing work

Hope this helps!
Rahul
