Well, I think the title is clear enough.
The biggest difference is that they do not have to be the same.
Generally speaking, HttpContext.Current.User is the logon user (when it is called on a worker thread) while Thread.CurrentPrincipal is the worker process identity.
On IIS 5.x, Thread.CurrentPrincipal by default is ASPNET. On IIS 6 and above, Thread.CurrentPrincipal by default is Network Service (or the application pool identity you change to).
To make it complex, if you enable ASP.NET impersonation, then both of them might be the same as the logon user.
Try to read some really good books on this topic and Microsoft MSDN articles,
http://msdn.microsoft.com/en-us/library/ms998351.aspx
Another suggestion is to use a debugger to attach to the worker process and check those at runtime. That can give you a better look.
Note that
HttpContext.Current.Useris not the best way to query logon user identity. You should stick toPage.Userfor WebForms, andController.Userfor MVC, andApiController.Userfor Web API.