
I'm a little confused while trying to find out how ActiveDirectory and ASP.NET Membership work... I've created a new MVC project and removed the AccountController / Views. I've changed the Web.Config so that it uses ActiveDirectory and automatically authenticates users based on their current Windows login:

Web.Config

<authentication mode="Windows">
    <forms
    name=".ADAuthCookie"
    timeout="10" />
</authentication>

<membership defaultProvider="MyADMembershipProvider">
  <providers>
    <clear/>
    <add
       name="MyADMembershipProvider"
       type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
       connectionStringName="ADConnectionString"
       connectionUsername="MYDOMAIN\myuser"
       connectionPassword="xxx"
       />
  </providers>
</membership>

This works nicely, as I can do the following to get the user's username:

User.Identity.Name()  'Gives MYDOMAIN\myuser

Looking at the following actually makes me confused:

Threading.Thread.CurrentPrincipal.Identity.Name() 'Gives MYDOMAIN\myuser

1. Shouldn't the thread identity be IUSR_WORKSTATION or ASPNET_WP username?
2. What's the difference between Authentication and Impersonation?

Ropstah

1 Answer


myuser is the Authenticated user on that application, that's why your CurrentPrincipal is giving you MYDOMAIN/myuser. The application impersonates IUSR_WORKSTATION when it uses resources like the database, and is a completely different issue.

If you go to Project on your toolbar, and select ASP.NET Configuration, it will open a website that lets you access these settings and create users, roles etc.

Mark Dickinson
  • Is Authentication more ASP.NET related and Impersonation more IIS related, or is this total nonsense? – Ropstah May 14 '09 at 11:07
  • I've just run into my first problem... I've just moved the website to my local IIS server. However, the automated login doesn't work anymore... User.Identity.Name() is empty...? Is this a Web.Config setting which is wrong, or should I set IIS? (Which settings does the integrated webserver for VS2008 have that IIS doesn't have set?) – Ropstah May 14 '09 at 11:10
  • That's my understanding really, Impersonation is how apps (web apps, or whatever) use resources via IIS. – Mark Dickinson May 14 '09 at 11:11
  • I'm not really sure why you would want to have this. Wouldn't you be better off with anonymous access rather than an automatic logon? – Mark Dickinson May 14 '09 at 11:22
  • Well, you only really need to know the identity if you are using some area of the site that needs a logged on user. If you use the asp:Login control for instance, a lot of this will be taken care of for you. – Mark Dickinson May 14 '09 at 11:28
  • Ah thanks. I've figured that I can use the Windows Identity (it's for intranet). This also allows me to check isInRole(). I'll request permission to add/remove custom Groups on the server so I can handle Roles. Can I still use default .NET components (Profile for instance) with this approach (authentication mode="none")? – Ropstah May 14 '09 at 11:35
  • Actually it's not really working as expected, I think it's still my lack of knowledge about this issue. I'm starting a new question for this.. Thanks – Ropstah May 14 '09 at 11:45
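
The identities discussed in this thread, side by side, as an added example that is not part of the original posts: it compares the authenticated request user, the thread principal and the Windows account the code actually runs under. `IdentityReport`, `Classify` and `Describe` are hypothetical names, and the code assumes it is called from a page or controller action where `HttpContext.Current` is available.

```vbnet
Imports System
Imports System.Security.Principal
Imports System.Threading
Imports System.Web

' Added example: hypothetical helper, not code from the thread.
Public Module IdentityReport

    ' Decide which situation a request is in from the identities it carries.
    Public Function Classify(ByVal requestUser As String, _
                             ByVal isAuthenticated As Boolean, _
                             ByVal osAccount As String) As String
        If Not isAuthenticated OrElse String.IsNullOrEmpty(requestUser) Then
            ' IIS let the request through anonymously, so there is no user name.
            ' Turn off anonymous access in IIS or add <deny users="?"/> under
            ' <authorization> so the browser has to send Windows credentials.
            Return "anonymous"
        End If
        If String.Equals(requestUser, osAccount, StringComparison.OrdinalIgnoreCase) Then
            ' The code runs under the caller's own Windows token: either
            ' <identity impersonate="true"/> is set, or the host process was
            ' started by that same user (the Visual Studio development server).
            Return "authenticated, running as the caller"
        End If
        ' Usual IIS case: the user is known to ASP.NET, but files, the network
        ' and the database are reached with the worker-process account.
        Return "authenticated, running as the process account"
    End Function

    ' Assumes a page or controller action, where HttpContext.Current is set.
    Public Function Describe(ByVal ctx As HttpContext) As String
        Dim requestUser As IIdentity = ctx.User.Identity
        Dim threadUser As IIdentity = Thread.CurrentPrincipal.Identity
        ' GetCurrent() returns the impersonation token when the thread has one,
        ' otherwise the token of the process itself.
        Dim osAccount As String = WindowsIdentity.GetCurrent().Name

        Return String.Join(Environment.NewLine, New String() { _
            "User.Identity.Name:          " & requestUser.Name, _
            "Thread.CurrentPrincipal:     " & threadUser.Name, _
            "WindowsIdentity.GetCurrent:  " & osAccount, _
            "State: " & Classify(requestUser.Name, requestUser.IsAuthenticated, osAccount)})
    End Function

End Module
```

Calling `IdentityReport.Describe(HttpContext.Current)` under the development server and again under IIS shows which of the three states each host produces.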