Sample ASPX page to show security details in ASP.NET

by Rahul 4/10/2009 2:20:00 AM

This may come in handy if you are trying to troubleshoot security-related issues in ASP.NET. I had this page posted here, but it was in VB.NET and I have been experiencing some issues with my previous blog site, so I am cross-posting it here in C# for future reference. All you have to do is create a page (say security.aspx) and open it in Notepad. Paste in the following code, and you should be good.

<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
    // Writes the three identities ASP.NET tracks for the current request.
    protected void btnShowInfo_Click(object sender, EventArgs e)
    {
        StringBuilder strInformation = new StringBuilder();
        try
        {
            // HTML-encode each name before it goes into the response.
            strInformation.Append("Http Context = " + Server.HtmlEncode(GetHTTPContext()) + "<BR>");
            strInformation.Append("Windows Identity = " + Server.HtmlEncode(GetWindowsIdentity()) + "<BR>");
            strInformation.Append("Thread Information = " + Server.HtmlEncode(GetThreadInformation()) + "<BR>");
            Response.Write(strInformation.ToString());
        }
        catch (Exception ex)
        {
            // Troubleshooting page: show the failure in place of the identities.
            Response.Write(Server.HtmlEncode(ex.Message) + "<BR>" + Server.HtmlEncode(ex.StackTrace));
        }
    }

    // The authenticated Web client for this request.
    private string GetHTTPContext()
    {
        return HttpContext.Current.User.Identity.Name;
    }

    // The account the Win32 thread is running as.
    private string GetWindowsIdentity()
    {
        return System.Security.Principal.WindowsIdentity.GetCurrent().Name;
    }

    // The principal attached to the managed .NET thread.
    private string GetThreadInformation()
    {
        return System.Threading.Thread.CurrentPrincipal.Identity.Name;
    }
</script>
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1" runat="server">
    <title>.NET Security Demo</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <asp:Button ID="btnShowInfo" runat="server" Text="Show Information"
            onclick="btnShowInfo_Click" />
        <BR><HR><B><U>HttpContext</U></B> = HttpContext.Current.User, which returns an IPrincipal object that contains security information for the current web request. This is the authenticated Web client.
        <BR><B><U>WindowsIdentity</U></B> = WindowsIdentity.GetCurrent(), which returns the identity of the security context of the currently executing Win32 thread.
        <BR><B><U>Thread</U></B> = Thread.CurrentPrincipal, which returns the principal of the currently executing .NET thread, which rides on top of the Win32 thread.
        <BR><HR><A href="http://msdn2.microsoft.com/en-us/library/aa302377.aspx">Read about the Security Identity Matrix</A>
        <BR><A href="http://msdn2.microsoft.com/en-us/library/aa302376.aspx">How does IIS &amp; ASP.NET Processing work</A>!
    </div>
    </form>
</body>
</html>

Let’s take a look at a sample output when you have identity impersonate = false (for a web site with Anonymous authentication in IIS 6):

[image: page output with impersonate = false]

Just changing impersonate to true changes the account to:

[image: page output with impersonate = true]

Read about the Security Identity Matrix

How does IIS & ASP.NET Processing work

Hope this helps!
Rahul
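
An extended version of the same report, as an added example that is not part of the original post: besides the three names, it prints each identity's IsAuthenticated and AuthenticationType and the Win32 token's impersonation level, HTML-encodes every value, and returns nothing unless the request comes from the local machine. The class name IdentityReport and its placement in App_Code are assumptions.

```csharp
// Added example, not the author's code. Assumed location: App_Code/IdentityReport.cs
// Usage from a page: Response.Write(IdentityReport.Build(HttpContext.Current) ?? "Local requests only.");
using System;
using System.Security.Principal;
using System.Text;
using System.Threading;
using System.Web;

public static class IdentityReport
{
    // Returns an HTML fragment describing the three identities,
    // or null when the request is not from the local machine.
    public static string Build(HttpContext context)
    {
        if (context == null || !context.Request.IsLocal)
            return null; // keep service-account names away from remote clients

        StringBuilder sb = new StringBuilder();
        IPrincipal user = context.User;
        AppendIdentity(sb, "HttpContext.Current.User", user == null ? null : user.Identity);

        using (WindowsIdentity win = WindowsIdentity.GetCurrent())
        {
            AppendIdentity(sb, "WindowsIdentity.GetCurrent()", win);
            // Shows whether the thread carries an impersonation token.
            sb.Append("Impersonation level = ").Append(win.ImpersonationLevel).Append("<br />");
        }

        IPrincipal thread = Thread.CurrentPrincipal;
        AppendIdentity(sb, "Thread.CurrentPrincipal", thread == null ? null : thread.Identity);
        return sb.ToString();
    }

    private static void AppendIdentity(StringBuilder sb, string label, IIdentity id)
    {
        sb.Append(HttpUtility.HtmlEncode(label)).Append(" = ");
        if (id == null)
        {
            sb.Append("(none)<br />");
            return;
        }
        string name = string.IsNullOrEmpty(id.Name) ? "(empty)" : id.Name;
        sb.Append(HttpUtility.HtmlEncode(name))
          .Append(" [authenticated: ").Append(id.IsAuthenticated)
          .Append(", type: ").Append(HttpUtility.HtmlEncode(id.AuthenticationType))
          .Append("]<br />");
    }
}
```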
