
asp.net security : IIS Authentication vs. WindowsIdentity


Steve Lynch
9/1/2006 6:05:30 PM

Why do I get different results from WindowsIdentity.GetCurrent().Name than what
is defined for authentication on the IIS virtual directory? For example in IIS6
I have the VD set to Windows Integrated Authentication only, yet the property
WindowsIdentity.GetCurrent().Name or WindowsIdentity.GetCurrent(false).Name
contains "NT AUTHORITY\NetworkService". The server variables seem wrong,
AUTH_USER and REMOTE_USER are empty, but LOGON_USER contains the correct
DOMAIN\USER info.

This seems different than traditional .ASP pages under IIS6.

Thanks.

Joe Kaplan
9/1/2006 7:40:03 PM
Context.User will always contain the authenticated user in ASP.NET.
Context.User is just an IPrincipal (which can be a WindowsPrincipal), so
that it can accommodate other types of authentication mechanisms like Forms
and such.

WindowsIdentity.GetCurrent will only be the authenticated user in IIS if you
enable impersonation (<identity impersonate="true"/> in web.config).
Impersonation is disabled by default in ASP.NET. This is different from
ASP, which always impersonated and gave you no flexibility in this regard.

If you enable impersonation, Context.User.Identity and
WindowsIdentity.GetCurrent will be the same thing (assuming you are using
Windows auth in ASP.NET and IIS of course).

HTH,

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
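
An added example, not part of any post in this thread: a hypothetical ASP.NET (.NET Framework) handler named `IdentityReport` that prints the identities discussed above side by side, then impersonates the authenticated Windows user only for a scoped block rather than site-wide. It assumes Windows authentication is enabled in both IIS and ASP.NET; the name comparison used to detect impersonation is a heuristic.

```csharp
// Added example (hypothetical handler, e.g. the code behind IdentityReport.ashx).
using System;
using System.Security.Principal;
using System.Web;

public class IdentityReport : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        HttpResponse res = context.Response;
        res.ContentType = "text/plain";

        // Identity that IIS/ASP.NET authentication established for this request.
        IIdentity authenticated = context.User.Identity;
        // Identity of the thread's OS token: the account that file, registry
        // and network access checks are actually made against.
        string threadOnEntry = WindowsIdentity.GetCurrent().Name;

        res.Write("Context.User.Identity.Name : " + authenticated.Name + "\n");
        res.Write("AuthenticationType         : " + authenticated.AuthenticationType + "\n");
        res.Write("LOGON_USER                 : " + context.Request.ServerVariables["LOGON_USER"] + "\n");
        res.Write("WindowsIdentity.GetCurrent : " + threadOnEntry + "\n");

        // Forms auth yields a non-Windows identity; anonymous access yields an
        // unauthenticated WindowsIdentity. Neither should be impersonated.
        WindowsIdentity windowsUser = authenticated as WindowsIdentity;
        if (windowsUser == null || !windowsUser.IsAuthenticated)
        {
            res.Write("No authenticated Windows identity; nothing to impersonate.\n");
            return;
        }

        // True when <identity impersonate="true"/> is already in effect.
        bool impersonating = string.Equals(threadOnEntry, windowsUser.Name,
                                           StringComparison.OrdinalIgnoreCase);
        res.Write("Impersonating on entry     : " + impersonating + "\n");

        // Scoped impersonation: the thread runs as the caller only inside this
        // block, so the rest of the request keeps the worker-process account.
        using (WindowsImpersonationContext scope = windowsUser.Impersonate())
        {
            res.Write("Inside Impersonate() scope : " + WindowsIdentity.GetCurrent().Name + "\n");
        } // Dispose() reverts the thread to its previous token.

        res.Write("After scope                : " + WindowsIdentity.GetCurrent().Name + "\n");
    }
}
```

With impersonation left at its default (off), the fourth and last lines of output show the worker-process account while the first line shows the authenticated DOMAIN\USER.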