What are the differences (behind the scenes) between Page.User.Identity and Request.LogonUserIdentity? Not the differences in type, name, etc but the differences in how they're implemented behind the scenes (i.e. one calls windows xxx api and the other calls asp.net xxx api...).
+2
A:
It depends on what mechanism you are using to authenticate users, and what settings you have for impersonation.
For example, under the VS development server, using Forms authentication, the standard SQL membership provider and the following code:
// m_LoggedIn is a Literal control on the page:
m_LoggedIn.Text = string.Format("<br />Page.User.Identity: {0} " +
"<br />Request.LogonUserIdentity: {1}",
Page.User.Identity.Name,
Request.LogonUserIdentity.Name);
I get the following output:
Page.User.Identity: zhaph
Request.LogonUserIdentity: [ComputerName]\Ben
The first line (Page.User.Identity) is the forms authentication account I've logged into the site with, the second line is the windows identity the request is running under - as I've not enabled impersonation, this is my windows logon as that's the account the web server is running under.
In terms of the API's, HttpRequest.LogonUserIdentity is calling into the WindowsIdentity class, which will always represent a Windows user account, while Page.User is creating a object which implements IPrinciple, which allows you to represent a user using a number of different backing stores - for example the SQL database structure supplied by the MembershipProvider.
Zhaph - Ben Duguid
2010-02-02 23:21:27