
Why do Thread.CurrentPrincipal.Identity and WindowsIdentity.GetCurrent() differ when impersonation is turned on?


I enabled impersonation and Windows authentication.

<authentication mode="Windows" />
<identity impersonate="true" userName="name" password="passord"/>

But Thread.CurrentPrincipal.Identity.Name returns the name of the authenticated user and WindowsIdentity.GetCurrent() returns the impersonated identity.

Shouldn't these identities be the same?

And under which credentials does the code run in this case?


Solution

  • As far as I can understand, Thread.CurrentPrincipal contains information about the conditions the thread was started with, including the WindowsIdentity. That's why Thread.CurrentPrincipal.Identity.Name returns the name of the user who started the thread. In contrast, WindowsIdentity.GetCurrent() returns a WindowsIdentity object that represents the current Windows user, which has been changed via impersonation. I'm not 100% sure about it, but that's how I think it works.
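
The two identities compared in the question can be logged side by side with a helper like the one below. This is an added example, not code from the original question or answer; `IdentityAudit` and `Describe` are hypothetical names. It assumes the .NET Framework on Windows, where role and authorization checks read `Thread.CurrentPrincipal`, while Windows evaluates file, network and database access against the token returned by `WindowsIdentity.GetCurrent()`.

```csharp
using System;
using System.Security.Principal;
using System.Threading;

// Added example; IdentityAudit and Describe are hypothetical names.
public static class IdentityAudit
{
    // Returns one log line comparing the authenticated principal (what role and
    // authorization checks see) with the Windows token the OS uses for file,
    // network and database access on this thread.
    public static string Describe()
    {
        IPrincipal principal = Thread.CurrentPrincipal;
        IIdentity authenticated = principal != null ? principal.Identity : null;
        string authName = (authenticated != null && authenticated.IsAuthenticated)
            ? authenticated.Name : "(anonymous)";

        // GetCurrent(true) returns null unless the thread carries an impersonation token.
        bool impersonating;
        using (WindowsIdentity threadToken = WindowsIdentity.GetCurrent(true))
        {
            impersonating = threadToken != null;
        }

        // GetCurrent() returns the thread token when impersonating,
        // otherwise the process token.
        using (WindowsIdentity effective = WindowsIdentity.GetCurrent())
        {
            // Compare by SID when the principal is a Windows account; fall back to names.
            WindowsIdentity authWin = authenticated as WindowsIdentity;
            bool same = (authWin != null && authWin.User != null)
                ? authWin.User.Equals(effective.User)
                : string.Equals(authName, effective.Name, StringComparison.OrdinalIgnoreCase);

            return string.Format(
                "authenticated={0}; effective={1}; impersonating={2}; level={3}; same={4}",
                authName, effective.Name, impersonating, effective.ImpersonationLevel, same);
        }
    }

    public static void Main()
    {
        // Outside ASP.NET, opt in to a WindowsPrincipal so the comparison is meaningful.
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
        Console.WriteLine(Describe());
    }
}
```

Called from a request handler under the configuration in the question, `authenticated` is the user who logged in through Windows authentication and `effective` is the account named in the `<identity>` element, so `same` is false. Logging both on sensitive operations keeps the audit trail tied to the real caller even though resource access happens under the configured account.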