<%@ Page Language="C#" MasterPageFile="~/aspnet/section.master" %>
<%@ Register TagPrefix=Acme Namespace=Acme %>
<%@ Register TagPrefix="Acme" TagName="SourceRef" Src="~/util/SrcRef.ascx"%>

<asp:Content ID="Content1" ContentPlaceHolderID=MainBody Runat=Server>

<h2>Windows-based Authentication</h2>

When you use ASP.NET Windows authentication, ASP.NET attaches a <b>WindowsPrincipal</b> object to the current request.  This object is used by URL authorization. The application can also use it programmatically to determine whether a requesting identity is in a given role.

<br /><br />

<Acme:TabControl runat="server">
<Tab Name="C#">
if(User.IsInRole("Administrators")) {
    DisplayPrivilegedContent();
}
</Tab>

<Tab Name="VB">
If User.IsInRole("Administrators") Then
    DisplayPrivilegedContent()
End If
</Tab>

</Acme:TabControl>

<br />

The <b>WindowsPrincipal</b> class determines roles by NT group membership.  Applications that want to determine their own roles can do so by handling the 
<b>WindowsAuthentication_OnAuthenticate</b> event in their Global.asax file and attaching their own class that implements <b>System.Security.Principal.IPrincipal</b> to the request, as shown in the following example:

<br /><br />

<Acme:TabControl runat="server">
<Tab Name="C#">
// Create a class that implements IPrincipal
public class MyPrincipal : IPrincipal {
  // implement application-defined role mappings
}

// In a Global.asax file:
public void WindowsAuthentication_OnAuthenticate(Object Source, WindowsAuthenticationEventArgs e) {
  // Attach a new application-defined class that implements IPrincipal to
  // the request.
  // Note that since IIS has already performed authentication, the provided
  // identity is used.
  e.User = new MyPrincipal(e.Identity);
}
</Tab>

<Tab Name="VB">
' Create a class that implements IPrincipal
Public Class MyPrincipal : Implements IPrincipal
  ' Implement application-defined role mappings
End Class

' In a Global.asax file
Public Sub WindowsAuthentication_OnAuthenticate(Source As Object, e As WindowsAuthenticationEventArgs)
  ' Attach a new application-defined class that implements IPrincipal to
  ' the request.
  ' Note that since IIS has already performed authentication, the provided
  ' identity is used.
  e.User = New MyPrincipal(e.Identity)
End Sub
</Tab>

</Acme:TabControl>

<br />
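A filled-in version of the skeleton above, added here as an example and not part of the original sample code. It assumes a code-behind Global.asax class named Global; the in-memory role table and the EXAMPLE\alice and EXAMPLE\bob accounts are constructed placeholders.

```csharp
using System;
using System.Collections;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Wraps the identity IIS already authenticated and answers role checks from
// an application-defined mapping instead of NT group membership.
public sealed class MyPrincipal : IPrincipal
{
    // Constructed sample mapping (account name to application roles).
    private static readonly Hashtable RoleMap = BuildRoleMap();
    private readonly IIdentity identity;

    public MyPrincipal(IIdentity identity)
    {
        if (identity == null) throw new ArgumentNullException("identity");
        this.identity = identity;
    }

    public IIdentity Identity { get { return identity; } }

    public bool IsInRole(string role)
    {
        // Fail closed: unauthenticated or unmapped accounts hold no roles.
        if (role == null || !identity.IsAuthenticated) return false;
        string[] roles = RoleMap[identity.Name] as string[];
        if (roles == null) return false;
        foreach (string r in roles)
            if (string.Equals(r, role, StringComparison.OrdinalIgnoreCase)) return true;
        return false;
    }

    private static Hashtable BuildRoleMap()
    {
        // Account names compare case-insensitively, as Windows account names do.
        Hashtable map = new Hashtable(StringComparer.OrdinalIgnoreCase);
        map[@"EXAMPLE\alice"] = new string[] { "Administrators", "Editors" };
        map[@"EXAMPLE\bob"] = new string[] { "Editors" };
        return map;
    }
}

// Global.asax code-behind class (the class name is an assumption).
public class Global : HttpApplication
{
    public void WindowsAuthentication_OnAuthenticate(object source, WindowsAuthenticationEventArgs e)
    {
        e.User = new MyPrincipal(e.Identity);
    }
}
```

With this principal attached, <b>User.IsInRole</b> no longer reflects NT group membership, so any check that relied on a Windows group must have a matching entry in the application's mapping.

<br /><br />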

The following sample shows how to access the name of an authenticated user, which is available as <b>User.Identity.Name</b>.  Programmers familiar with ASP should note 
that this value is still available as the <i>AUTH_USER</i> server variable.  Before running this application, configure IIS to require only Integrated Windows authentication for the sample application.  This forces a security handshake between the browser and the sample application.  

<br /><br />

<Acme:LangSwitch runat="server">
  <CsTemplate>
    <Acme:SourceRef
      RunSample="../../samples/security/WindowsAuth_cs/windowsauth.aspx"
      ViewSource="~/aspnet/samples/security/windowsauth.src"
      Caption="C# Windows Authentication"
      runat="server" />
  </CsTemplate>
  <VbTemplate>
    <Acme:SourceRef
      RunSample="../../samples/security/WindowsAuth_vb/windowsauth.aspx"
      ViewSource="~/aspnet/samples/security/windowsauth.src"
      Caption="VB Windows Authentication"
      runat="server" />
  </VbTemplate>
</Acme:LangSwitch>

</asp:Content>


