Windows-based Authentication
When you use ASP.NET Windows authentication, ASP.NET attaches a WindowsPrincipal object to the current request. This object is used by URL authorization. The application can also use it programmatically to determine whether a requesting identity is in a given role.
If User.IsInRole("Administrators") Then
DisplayPrivilegedContent()
End If
VB
The WindowsPrincipal class determines roles by NT group membership. Applications that want to determine their own roles can do so by handling the
WindowsAuthentication_OnAuthenticate event in their Global.asax file and attaching their own class that implements System.Security.Principal.IPrincipal to the request, as shown in the following example:
' Create a class that implements IPrincipal
Public Class MyPrincipal : Inherits IPrincipal
' Implement application-defined role mappings
End Class
' In a Global.asax file
Public Sub WindowsAuthentication_OnAuthenticate(Source As Object, e As WindowsAuthenticationEventArgs)
' Attach a new application-defined class that implements IPrincipal to
' the request.
' Note that since IIS has already performed authentication, the provided
' identity is used.
e.User = New MyPrincipal(e.Identity)
End Sub
VB
The following sample shows how to access the name of an authenticated user, which is available as User.Identity.Name. Programmers familiar with ASP should note
that this value is also still available as the AUTH_USER server variable. Prior to running this application, make sure the settings in IIS are set to require only Integrated Windows authentication for the sample application. This will force a security handshake between the browser and the sample application.
VB Windows Authentication
|