A sample aspx page to show the security details

This is a pretty small sample to help you figure out the ASP.NET identity matrix and how it comes in effect. I am posting this since quite often we need to troubleshoot security related issues on a production website and making any Application level changes become really difficult.

What you can do now is to create a sample page called SecurityTest.aspx in the Virtual Directory where you are having security related issues and paste the following code...

<%@ Page Language="VB" %>
<script runat="server">
    Protected Sub btnShowInfo_Click(ByVal sender As Object, ByVal e As System.EventArgs)
        Dim strInformation As New StringBuilder
            strInformation.Append("Http Context = " & GetHTTPContext() & "<BR>")
            strInformation.Append("Windows Identity = " & GetWindowsIdentity() & "<BR>")
            strInformation.Append("Thread Information = " & GetThreadInformation() & "<BR>")
        Catch ex As Exception
            strInformation = Nothing
        End Try
    End Sub
    Private Function GetHTTPContext() As String
        GetHTTPContext = HttpContext.Current.User.Identity.Name
    End Function
    Private Function GetWindowsIdentity() As String
        GetWindowsIdentity = System.Security.Principal.WindowsIdentity.GetCurrent.Name.ToString
    End Function
    Private Function GetThreadInformation() As String
        GetThreadInformation = Threading.Thread.CurrentPrincipal.Identity.Name
    End Function
<head runat="server">
    <title>.NET Security Demo</title>
    <form id="form1" runat="server">
        <asp:Button ID="btnShowInfo" runat="server" Text="Show Information" OnClick="btnShowInfo_Click" />
<BR><HR><B><U>HttpContext</U></B>= HttpContext.Current.User, which returns an IPrincipal object that contains security information for the current web request. This is the authenticated Web client. <BR> <B><U>WindowsIdentity</B></U> = WindowsIdentity.GetCurrent(), which returns the identity of the security context of the currently executing Win32 thread. <BR><B><U>Thread</U></B> = Thread.CurrentPrincipal which returns the principal of the currently executing .NET thread which rides on top of the Win32 thread.<BR><HR><A href="http://msdn2.microsoft.com/en-us/library/aa302377.aspx">Read about the Security Identity Matrix</A><BR><A href="http://msdn2.microsoft.com/en-us/library/aa302376.aspx">How does IIS & ASP.NET Processing work</a>!

You can change your web.config file and set impersonation = true/false and authentication mode to windows/forms etc and see how your identity matrix looks like. This sample comes in pretty handy when I need to show some ASP.NET security related stuff to anyone.

Read about the Security Identity Matrix
How does IIS & ASP.NET Processing work!

Hope this helps!

Comments (6)

  1. Alik Levin says:

    Rahul – Nice post!

    You may find useful my series of posts on the same subject with how-to, including tshoot using monitoring tools




  2. Hello! Great site! I’ve found a lot information here. I don’t know how to thank you. I hope you’ll be writing more and more.

    Thank you again. Bye.

  3. Max R. says:

    Hello! Very interesting. Thank you.

  4. Meet2 says:

    Please give C# code 🙂

Skip to main content