I'm trying to understand the purpose of IPrincipal and IIdentity or just Principal objects in general.
From what I've been reading from MSDN. IIdentity describes the user that is authentication and any information about them.
and IPrincipal is the context in which the user was authenticated.
Am I correct about these two explanations? What's really throwing me off in the article is the "security context" for principal, I'm not sure I truly understand what that means.
I am a bit confused
You have it in the very next sentence
The principal object represents the security context under which code is running. Applications that implement role-based security grant rights based on the role associated with a principal object.
Technically, the IPrincipal adds roles on top of IIdentity. It does so by requiring the IsInRole method
http://msdn.microsoft.com/pl-pl/library/system.security.principal.iprincipal.isinrole(v=vs.110).aspx
This is how roles are inspected by the client code and thus role-based security is established.
