Home   |   QuickStart Welcome   |   ASP.NET   |   Web Services   |   How Do I...?   
  |   I want my samples in...      

ASP.NET 2.0 Quickstart Tutorials

Windows-based Authentication

When you use ASP.NET Windows authentication, ASP.NET attaches a WindowsPrincipal object to the current request. This object is used by URL authorization. The application can also use it programmatically to determine whether a requesting identity is in a given role.

if(User.IsInRole("Administrators")) {

The WindowsPrincipal class determines roles by NT group membership. Applications that want to determine their own roles can do so by handling the WindowsAuthentication_OnAuthenticate event in their Global.asax file and attaching their own class that implements System.Security.Principal.IPrincipal to the request, as shown in the following example:

// Create a class that implements IPrincipal
public class MyPrincipal : IPrincipal {
  // implement application-defined role mappings

// In a Global.asax file:
public void WindowsAuthentication_OnAuthenticate(Object Source, WindowsAuthenticationEventArgs e) {
  // Attach a new application-defined class that implements IPrincipal to
  // the request.
  // Note that since IIS has already performed authentication, the provided
  // identity is used.
  e.User = new MyPrincipal(e.Identity);

The following sample shows how to access the name of an authenticated user, which is available as User.Identity.Name. Programmers familiar with ASP should note that this value is also still available as the AUTH_USER server variable. Prior to running this application, make sure the settings in IIS are set to require only Integrated Windows authentication for the sample application. This will force a security handshake between the browser and the sample application.

VB Windows Authentication
Run Sample View Source