«

This is more of a solution that raised a question.

I have a Web service that does not allow anonymous users.
For debugging I put in the following lines in my Web
Service:

WindowsIdentity wi = WindowsIdentity.GetCurrent();
WindowsPrincipal wp = Thread.CurrentPrincipal as
WindowsPrincipal;
wi = wp.Identity as WindowsIdentity;
wi.Impersonate();

My question was the the first WindowsIdentity returned
from GetCurrent shows MACHINE\ASPNET (MACHINE is the name
of the machine) yet the WindowsIdentity returned from
CurrentPrincipal shows DOMAIN\kburton (DOMAIN is the name
of the domain I am logged in as a domain user when I am
running this). The Web service needs to access a database
and the ASPNET account cannot be used to access the
database. It seems that Impersonate() makes the
identity "correct". My question is why is GetCurrent and
CurrentPrincipal different? Under what conditions will
they be different? Why does Impersonate make them the
same?

Thank you for your help in understanding this.

Kevin Burton

asp.net broke out the authenication identity (who called this page -
Principle) from the security identity used by the thread servicing the page.
the default is for the page threads to run under the asp.net account.

you can achieve the same result without code by specifing in you web.config:

<identity impersonate="true" />

note: if the user hitting the site is is not logged on the local machine
(try hitting you site from another box) the Impersonated identity is not a
primmary token, so can not be used to access resources (say a sqlserver) on
another box.

-- bruce (sqlwork.com)


"Kevin Burton" <> wrote in message
news:072b01c3d579$f3cc08a0$...
> This is more of a solution that raised a question.
>
> I have a Web service that does not allow anonymous users.
> For debugging I put in the following lines in my Web
> Service:
>
> WindowsIdentity wi = WindowsIdentity.GetCurrent();
> WindowsPrincipal wp = Thread.CurrentPrincipal as
> WindowsPrincipal;
> wi = wp.Identity as WindowsIdentity;
> wi.Impersonate();
>
> My question was the the first WindowsIdentity returned
> from GetCurrent shows MACHINE\ASPNET (MACHINE is the name
> of the machine) yet the WindowsIdentity returned from
> CurrentPrincipal shows DOMAIN\kburton (DOMAIN is the name
> of the domain I am logged in as a domain user when I am
> running this). The Web service needs to access a database
> and the ASPNET account cannot be used to access the
> database. It seems that Impersonate() makes the
> identity "correct". My question is why is GetCurrent and
> CurrentPrincipal different? Under what conditions will
> they be different? Why does Impersonate make them the
> same?
>
> Thank you for your help in understanding this.
>
> Kevin Burton
>
>
>