Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Differences between Page.User.Identity vs Request.LogonUserIdentity

What are the differences (behind the scenes) between Page.User.Identity and Request.LogonUserIdentity? Not the differences in type, name, etc but the differences in how they're implemented behind the scenes (i.e. one calls windows xxx api and the other calls asp.net xxx api...).

like image 629
jameszhao00 Avatar asked Feb 02 '10 19:02

jameszhao00


1 Answers

It depends on what mechanism you are using to authenticate users, and what settings you have for impersonation.

For example, under the VS development server, using Forms authentication, the standard SQL membership provider and the following code:

// m_LoggedIn is a Literal control on the page:
m_LoggedIn.Text = string.Format("<br />Page.User.Identity: {0} " + 
                                "<br />Request.LogonUserIdentity: {1}",
                                Page.User.Identity.Name, 
                                Request.LogonUserIdentity.Name);

I get the following output:

Page.User.Identity: zhaph

Request.LogonUserIdentity: [ComputerName]\Ben

The first line (Page.User.Identity) is the forms authentication account I've logged into the site with, the second line is the windows identity the request is running under - as I've not enabled impersonation, this is my windows logon as that's the account the web server is running under.

In terms of the API's, HttpRequest.LogonUserIdentity is calling into the WindowsIdentity class, which will always represent a Windows user account, while Page.User is creating a object which implements IPrinciple, which allows you to represent a user using a number of different backing stores - for example the SQL database structure supplied by the MembershipProvider.

like image 60
Zhaph - Ben Duguid Avatar answered Oct 18 '22 16:10

Zhaph - Ben Duguid