Sample ASPX page to show security details in ASP.NET

by rahul 4/5/2009 9:50:40 AM

This may come in handy if you are trying to troubleshoot security related issues in ASP.NET. I had this page posted here, but it was in VB.NET and I have been experiencing some issues with my previous blog site, so I am cross posting it here in C# for future reference. All you have to do is create a page (say security.aspx) and open it up in Notepad. Paste the following code, and you should be good.


<%@ Page Language="C#" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "">

<script runat="server">
    protected void btnShowInfo_Click(object sender, EventArgs e)
        StringBuilder strInformation = new StringBuilder();
            strInformation.Append("Http Context = " + GetHTTPContext() + "<BR>");
            strInformation.Append("Windows Identity = " + GetWindowsIdentity() + "<BR>");
            strInformation.Append("Thread Information = " + GetThreadInformation() + "<BR>");

        catch (Exception ex)
            Response.Write(ex.Message + "<BR>" + ex.StackTrace);
            strInformation = null;

    private string GetHTTPContext()

    private string GetWindowsIdentity()

    private string GetThreadInformation()
        return (System.Threading.Thread.CurrentPrincipal.Identity.Name);

<html xmlns="">
<head id="Head1" runat="server">
    <title>.NET Security Demo</title>
    <form id="form1" runat="server">
        <asp:Button ID="btnShowInfo" runat="server" Text="Show Information" 
            onclick="btnShowInfo_Click" />
        <BR><HR><B><U>HttpContext</U></B>= HttpContext.Current.User, which returns an IPrincipal object that contains security information for the current web request. This is the authenticated Web client. 
        <BR><B><U>WindowsIdentity</B></U> = WindowsIdentity.GetCurrent(), which returns the identity of the security context of the currently executing Win32 thread. 
        <BR><B><U>Thread</U></B> = Thread.CurrentPrincipal which returns the principal of the currently executing .NET thread which rides on top of the Win32 thread.
        <BR><HR><A href="">Read about the Security Identity Matrix</A>
        <BR><A href="">How does IIS & ASP.NET Processing work</a>!


Let’s take a look at a sample output when you have identity impersonate = false (for a web site with Anonymous authentication in IIS 6)…


Just changing the impersonate to true changes the account to…



Read about the Security Identity Matrix

How does IIS & ASP.NET Processing work

Hope this helps!



blog comments powered by Disqus

Who is Rahul?


He likes to troubleshoot IIS and SharePoint Performance issues.

Freelance Consultant.

Founder - AttoSol Technologies.


The opinions expressed herein are our own personal opinions and do not represent our employer's view in any way.
© Copyright 2015, Rahul Soni