Different security contexts in SharePoint 2007
1) string ProcessIdentity = WindowsIdentity.GetCurrent().Name;
- It has nothing to do with ASP.NET. In fact this is the lowest level of windows security programming that you can do. It basically tells you who is this thread running as?
- No matter which authentication mechanism you use in your ASP.NET applications (Windows Integrated,Forms,Basic,Digest and etc), whether you impersonate or you use anonymous access, at the end of the day they all resolve in a windows account. The above statement returns the name of that account.
- The windows account which is returned is a process identity (App pool identity, Machine identity, etc) OR impersonated user (if impersonation is used) OR anonymous access identity (if anonymous access is enabled). Bear in mind that the security context which is the result of enabling the anonymous access is ONLY used when your web parts interact with local or network resources and SharePoint is still using Process Identity to call content or configurations database, regardless of whether web application is set to use Form or Windows Integrated Authentication.
2) string ASPNetUser = Context.User.Identity.Name;
This is an ASP.NET technique to get the owner of the HTTP context. Based on authentication type, impersonation settings it might be different from one environment to another one.
3) string WssUser = SPContext.Current.Web.CurrentUser.Name;
AS mentioned din my previous blog post , this is a new class in SharePoint 2007 to extract the WSS user which gives u a more friendly name than the ASP.NET user.
Categories: Uncategorized