Why do Thread.CurrentPrincipal.Identity and WindowsIdentity.GetCurrent() differ when impersonation is turned on?

About

Asked 13/8, 2013 at 9:32 Answered 13/8, 2013 at 12:9

Solved asp.net security impersonation windows-identity current-principal

I enabled impersonation and Windows authentication.

<authentication mode="Windows" />
<identity impersonate="true" userName="name" password="passord"/>

But Thread.CurrentPrincipal.Identity.Name returns the name of authenticated user and WindowsIdentity.GetCurrent() returns impersonated identity.

Shouldn't these identities be the same?

And under which credentials does the code run in this case?

Aaronson answered 13/8, 2013 at 9:32 Comment(0)

As far as I can understand the Thread.CurrentPrincipal contains the information of conditions the thread has been started with, including the WindowsIdentity. That's why Thread.CurrentPrincipal.Identity.Name returns the name of User who started the thread. To the contrary WindowsIdentity.GetCurrent() Returns a WindowsIdentity object that represents the current Windows user, which has been changed via Impersonation. I'm not 100% sure about it, but that's how I think it works.

Grenoble answered 13/8, 2013 at 12:9 Comment(1)

Works exactsly as you told. Thread.CurrentPrincipal is set as the result of authentication. Be it Basic, Digest, Windows or Forms authentication. This principle in nothing more than a ticket recieved form user. And WindowsIdentity related to running thread and process. If only Windows auth. is enabled and impersonation is on then identities will be the same. If anonymous login is enabled then CurrentPrinciple.Identity has empty name. – Aaronson 14/8, 2013 at 14:6

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags