Sample ASPX page to show security details in ASP.NET

by Rahul 4/5/2009 9:50:00 AM

This may come in handy if you are trying to troubleshoot security-related issues in ASP.NET. I had this page posted here, but it was in VB.NET and I have been experiencing some issues with my previous blog site, so I am cross-posting it here in C# for future reference. All you have to do is create a page (say security.aspx) and open it up in Notepad. Paste the following code, and you should be good.


<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
    // Troubleshooting aid: it prints account names and stack traces, so remove it from the site when done.
    protected void btnShowInfo_Click(object sender, EventArgs e)
    {
        StringBuilder strInformation = new StringBuilder();
        try
        {
            strInformation.Append("Http Context = " + GetHTTPContext() + "<BR>");
            strInformation.Append("Windows Identity = " + GetWindowsIdentity() + "<BR>");
            strInformation.Append("Thread Information = " + GetThreadInformation() + "<BR>");
            // Write the collected values to the response, as the catch block does with errors.
            Response.Write(strInformation.ToString());
        }
        catch (Exception ex)
        {
            Response.Write(ex.Message + "<BR>" + ex.StackTrace);
        }
        finally { strInformation = null; }
    }
    private string GetHTTPContext() // authenticated web client (empty name for anonymous requests)
    {
        return (HttpContext.Current.User.Identity.Name);
    }
    private string GetWindowsIdentity() // account of the Win32 thread executing the request
    {
        return (System.Security.Principal.WindowsIdentity.GetCurrent().Name);
    }
    private string GetThreadInformation() // principal of the managed .NET thread
    {
        return (System.Threading.Thread.CurrentPrincipal.Identity.Name);
    }
</script>
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1" runat="server">
    <title>.NET Security Demo</title>
</head>
<body>
    <form id="form1" runat="server">
        <asp:Button ID="btnShowInfo" runat="server" Text="Show Information"
            onclick="btnShowInfo_Click" />
        <BR><HR><B><U>HttpContext</U></B> = HttpContext.Current.User, which returns an IPrincipal object that contains security information for the current web request. This is the authenticated Web client.
        <BR><B><U>WindowsIdentity</U></B> = WindowsIdentity.GetCurrent(), which returns the identity of the security context of the currently executing Win32 thread.
        <BR><B><U>Thread</U></B> = Thread.CurrentPrincipal, which returns the principal of the currently executing .NET thread, which rides on top of the Win32 thread.
        <BR><HR><A href="">Read about the Security Identity Matrix</A>
        <BR><A href="">How does IIS &amp; ASP.NET Processing work</A>!
    </form>
</body></html>



Let’s take a look at a sample output when you have identity impersonate = false (for a web site with Anonymous authentication in IIS 6)…


Just changing the impersonate to true changes the account to…

Read about the Security Identity Matrix

How does IIS & ASP.NET Processing work
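
The three values the page reports are tracked separately and can diverge. As an added example (not part of the original post), this console program replaces Thread.CurrentPrincipal with a constructed GenericPrincipal and shows that WindowsIdentity.GetCurrent() still reports the process account; the user name "app-user" and the role "Auditors" are made up for the illustration.

```csharp
using System;
using System.Security.Principal;
using System.Threading;

// Added example: the managed principal and the Win32 token are separate layers.
class IdentityLayers
{
    static string Describe(IPrincipal p)
    {
        // An unauthenticated principal has an empty name, which is why the
        // page prints a blank value for an anonymous request.
        if (p == null || p.Identity == null || !p.Identity.IsAuthenticated)
            return "(not authenticated)";
        return p.Identity.Name + " via " + p.Identity.AuthenticationType;
    }

    static void Report(string stage)
    {
        WindowsIdentity win = WindowsIdentity.GetCurrent();
        Console.WriteLine("--- " + stage + " ---");
        Console.WriteLine("Thread.CurrentPrincipal      : " + Describe(Thread.CurrentPrincipal));
        Console.WriteLine("WindowsIdentity.GetCurrent() : " + win.Name
            + " (impersonation level: " + win.ImpersonationLevel + ")");
    }

    static void Main()
    {
        Report("process start");

        // Constructed sample user and role (hypothetical names).
        GenericIdentity id = new GenericIdentity("app-user", "Forms");
        Thread.CurrentPrincipal = new GenericPrincipal(id, new[] { "Auditors" });

        // Role checks now answer for "app-user"...
        Report("after setting Thread.CurrentPrincipal");
        Console.WriteLine("IsInRole(\"Auditors\") = "
            + Thread.CurrentPrincipal.IsInRole("Auditors"));
        // ...but the Win32 identity printed above is unchanged, so file,
        // registry and network access still use the process (or impersonated)
        // account. That account is the one to check in ACLs when troubleshooting.
    }
}
```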

Hope this helps!
