Sample ASPX page to show security details in ASP.NET

by rahul 4/5/2009 9:50:40 AM

This may come in handy if you are trying to troubleshoot security-related issues in ASP.NET. I had this page posted here, but it was in VB.NET and I have been experiencing some issues with my previous blog site, so I am cross-posting it here in C# for future reference. All you have to do is create a page (say security.aspx) and open it up in Notepad. Paste the following code, and you should be good.

 

<%@ Page Language="C#" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">
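    // Click handler: writes the three identities associated with the current request.
    protected void btnShowInfo_Click(object sender, EventArgs e)
    {
        StringBuilder strInformation = new StringBuilder();
        try
        {
            // HTML-encode every value before it is written into the response.
            strInformation.Append("Http Context = " + Server.HtmlEncode(GetHTTPContext()) + "<BR>");
            strInformation.Append("Windows Identity = " + Server.HtmlEncode(GetWindowsIdentity()) + "<BR>");
            strInformation.Append("Thread Information = " + Server.HtmlEncode(GetThreadInformation()) + "<BR>");
            Response.Write(strInformation);
        }
        catch (Exception ex)
        {
            // Diagnostic page: show the error, encoded so it renders as text.
            Response.Write(Server.HtmlEncode(ex.Message) + "<BR>" + Server.HtmlEncode(ex.StackTrace));
        }
    }

    // Authenticated web client for the current request.
    private string GetHTTPContext()
    {
        return HttpContext.Current.User.Identity.Name;
    }

    // Security context of the currently executing Win32 thread.
    private string GetWindowsIdentity()
    {
        return System.Security.Principal.WindowsIdentity.GetCurrent().Name;
    }

    // Principal of the currently executing .NET thread.
    private string GetThreadInformation()
    {
        return System.Threading.Thread.CurrentPrincipal.Identity.Name;
    }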
    
</script>

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1" runat="server">
    <title>.NET Security Demo</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <asp:Button ID="btnShowInfo" runat="server" Text="Show Information" 
            onclick="btnShowInfo_Click" />
        <BR><HR><B><U>HttpContext</U></B> = HttpContext.Current.User, which returns an IPrincipal object that contains security information for the current web request. This is the authenticated Web client. 
        <BR><B><U>WindowsIdentity</U></B> = WindowsIdentity.GetCurrent(), which returns the identity of the security context of the currently executing Win32 thread. 
        <BR><B><U>Thread</U></B> = Thread.CurrentPrincipal, which returns the principal of the currently executing .NET thread, which rides on top of the Win32 thread.
        <BR><HR><A href="http://msdn2.microsoft.com/en-us/library/aa302377.aspx">Read about the Security Identity Matrix</A>
        <BR><A href="http://msdn2.microsoft.com/en-us/library/aa302376.aspx">How does IIS &amp; ASP.NET Processing work</A>!
    </div>
    </form>
</body>
</html>

 

Let’s take a look at a sample output when you have identity impersonate = false (for a web site with Anonymous authentication in IIS 6)…

[image: sample output]

Just changing the impersonate to true changes the account to…

[image: sample output]
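An added example, not part of the original post: a console-runnable C# helper that reports the same three identities together with their authentication type, and also whether the current thread carries an impersonation token, which is what the impersonate setting changes. `IdentityReport`, `Describe` and `Build` are hypothetical names, and the `CONTOSO\alice` principal is a constructed stand-in for `HttpContext.Current.User`.

```csharp
using System;
using System.Security.Principal;
using System.Text;
using System.Threading;

// Added example; the class and method names are hypothetical.
public static class IdentityReport
{
    // One line per identity: name, authentication type, authenticated flag.
    public static string Describe(string label, IIdentity id)
    {
        if (id == null) return label + ": (none)";
        string name = string.IsNullOrEmpty(id.Name) ? "(empty)" : id.Name;
        return string.Format("{0}: {1} [authType={2}, authenticated={3}]",
            label, name, id.AuthenticationType ?? "", id.IsAuthenticated);
    }

    // httpUser is HttpContext.Current.User when called from a page; may be null.
    public static string Build(IPrincipal httpUser)
    {
        StringBuilder sb = new StringBuilder();
        sb.AppendLine(Describe("HttpContext.Current.User",
            httpUser == null ? null : httpUser.Identity));

        IPrincipal threadPrincipal = Thread.CurrentPrincipal;
        sb.AppendLine(Describe("Thread.CurrentPrincipal",
            threadPrincipal == null ? null : threadPrincipal.Identity));

        // Effective Windows token: the thread token if impersonating, else the process token.
        using (WindowsIdentity effective = WindowsIdentity.GetCurrent())
        {
            sb.AppendLine(Describe("WindowsIdentity.GetCurrent()", effective));
            sb.AppendLine("  token impersonation level: " + effective.ImpersonationLevel);
        }

        // GetCurrent(true) returns null when the thread is not impersonating.
        using (WindowsIdentity impersonated = WindowsIdentity.GetCurrent(true))
        {
            sb.AppendLine("Thread is impersonating: " + (impersonated != null));
        }
        return sb.ToString();
    }

    public static void Main()
    {
        // Constructed sample principal standing in for the web request's user.
        IPrincipal sample = new GenericPrincipal(
            new GenericIdentity("CONTOSO\\alice", "Negotiate"), new string[0]);
        Console.Write(Build(sample));
    }
}
```

From the page itself, pass `HttpContext.Current.User` to `Build` and write the result with `Server.HtmlEncode` inside a `<pre>` element.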

 

Read about the Security Identity Matrix

How does IIS & ASP.NET Processing work

Hope this helps!
Rahul

Tags:

ASP.NET

© Copyright 2014, Rahul Soni