Impersonation question

8 Jun 2005 3:06 PM

mjpmsa@yahoo.com

I need to write a simple ASP.Net application. In it, I need to
discover the current user's Windows logon name. To do this, I've
created a web.config with these contents (from another post seen here):

<configuration>
   <system.web>
      <identity impersonate = "true"/>
   </system.web>
</configuration>

Then in my web page, I can print the username with:

<% =System.Security.Principal.WindowsIdentity.GetCurrent().Name %>

My question is, if I use this technique, is the whole ASP.Net page
running in the context of the logged in user instead of ASPNET? If so,
is there another way I can get at the logged in user name without
turning on impersonation for the whole session?

Thanks,
Matt

8 Jun 2005 3:43 PM

Dominick Baier [DevelopMentor]

Hello mjp***@yahoo.com,

yes. you don't have to use impersonation to accomplish that.

Your clients identity is store in Page.User, e.g. Response.WriteLine(Page.User.Identity.Name);

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Show quoteHide quote

> I need to write a simple ASP.Net application. In it, I need to
> discover the current user's Windows logon name. To do this, I've
> created a web.config with these contents (from another post seen
> here):
>
> <configuration>
> <system.web>
> <identity impersonate = "true"/>
> </system.web>
> </configuration>
> Then in my web page, I can print the username with:
>
> <% =System.Security.Principal.WindowsIdentity.GetCurrent().Name %>
>
> My question is, if I use this technique, is the whole ASP.Net page
> running in the context of the logged in user instead of ASPNET? If
> so, is there another way I can get at the logged in user name without
> turning on impersonation for the whole session?
>
> Thanks,
> Matt

8 Jun 2005 3:51 PM

mjpmsa@yahoo.com

Excellent. Thanks.