Hinweis
Für den Zugriff auf diese Seite ist eine Autorisierung erforderlich. Sie können versuchen, sich anzumelden oder das Verzeichnis zu wechseln.
Für den Zugriff auf diese Seite ist eine Autorisierung erforderlich. Sie können versuchen, das Verzeichnis zu wechseln.
This is a pretty small sample to help you figure out the ASP.NET identity matrix and how it comes in effect. I am posting this since quite often we need to troubleshoot security related issues on a production website and making any Application level changes become really difficult.
What you can do now is to create a sample page called SecurityTest.aspx in the Virtual Directory where you are having security related issues and paste the following code...
<%@ Page Language="VB" %>
<script runat="server">
Protected Sub btnShowInfo_Click(ByVal sender As Object, ByVal e As System.EventArgs)
Dim strInformation As New StringBuilder
Try
strInformation.Append("")
strInformation.Append("Http Context = " & GetHTTPContext() & "<BR>")
strInformation.Append("Windows Identity = " & GetWindowsIdentity() & "<BR>")
strInformation.Append("Thread Information = " & GetThreadInformation() & "<BR>")
Response.Write(strInformation)
Catch ex As Exception
Response.Write(ex.Message)
Finally
strInformation = Nothing
End Try
End Sub
Private Function GetHTTPContext() As String
GetHTTPContext = HttpContext.Current.User.Identity.Name
End Function
Private Function GetWindowsIdentity() As String
GetWindowsIdentity = System.Security.Principal.WindowsIdentity.GetCurrent.Name.ToString
End Function
Private Function GetThreadInformation() As String
GetThreadInformation = Threading.Thread.CurrentPrincipal.Identity.Name
End Function
</script>
<head runat="server">
<title>.NET Security Demo</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Button ID="btnShowInfo" runat="server" Text="Show Information" OnClick="btnShowInfo_Click" />
<BR><HR><B><U>HttpContext</U></B>= HttpContext.Current.User, which returns an IPrincipal object that contains security information for the current web request. This is the authenticated Web client. <BR> <B><U>WindowsIdentity</B></U> = WindowsIdentity.GetCurrent(), which returns the identity of the security context of the currently executing Win32 thread. <BR><B><U>Thread</U></B> = Thread.CurrentPrincipal which returns the principal of the currently executing .NET thread which rides on top of the Win32 thread.<BR><HR><A href="https://msdn2.microsoft.com/en-us/library/aa302377.aspx">Read about the Security Identity Matrix</A><BR><A href="https://msdn2.microsoft.com/en-us/library/aa302376.aspx">How does IIS & ASP.NET Processing work</a>!
</div>
</form>
</body>
</html>
You can change your web.config file and set impersonation = true/false and authentication mode to windows/forms etc and see how your identity matrix looks like. This sample comes in pretty handy when I need to show some ASP.NET security related stuff to anyone.
Read about the Security Identity Matrix
How does IIS & ASP.NET Processing work!
Hope this helps!
Rahul
Comments
Anonymous
February 19, 2007
PingBack from http://mhinze.com/links-for-2007-02-14/Anonymous
April 28, 2007
Rahul - Nice post! You may find useful my series of posts on the same subject with how-to, including tshoot using monitoring tools http://blogs.msdn.com/alikl/archive/2007/04/11/authentication-hub.aspx Enjoy AlikAnonymous
May 08, 2007
Hello! Great site! I've found a lot information here. I don't know how to thank you. I hope you'll be writing more and more. Thank you again. Bye.Anonymous
May 09, 2007
Hello! Very interesting. Thank you.Anonymous
November 12, 2009
Please give C# code :)Anonymous
November 12, 2009
I have posted it here long back Amit, http://www.dotnetscraps.com/dotnetscraps/post/Sample-ASPX-page-to-show-security-details-in-ASPNET.aspx HTH