Friday, June 8, 2007

Identity in ASP.NET 2.0

It's really complicated. Make sure you understand the difference between the Application_BeginRequest event and the page execution phase.

    // operating system thread identity (Win32)
    System.Security.Principal.WindowsIdentity.GetCurrent();
    // managed thread identity
    System.Threading.Thread.CurrentPrincipal.Identity;
    // ASP.NET user identity (may be a GenericPrincipal)
    HttpContext.Current.User.Identity;
    // the Windows identity of the client user that logged on to IIS
    Request.LogonUserIdentity;

On top of that, there are many variations:
  1. Whether the user has a Windows identity (e.g. is the user logged on to a domain?)
  2. Whether anonymous access is checked in IIS, and whether Windows integrated authentication is checked
  3. Which identity the application pool runs as (Network Service? Local System? a domain user?)
  4. The authentication mode set in web.config (None, Windows, Forms)
  5. Whether web.config sets ? And whether a username and password are specified
With these variations, over the course of a request (before authentication, page execution, async thread), each of the four identities above may hold a different value, and every one of those values is meaningful. It's really complicated.
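To see the four values diverge on a given server, the following Global.asax code-behind writes them to the ASP.NET trace at three pipeline stages. It is an added example, not code from the original post; the `Describe` and `Dump` helpers are hypothetical names, and `PreRequestHandlerExecute` is used here as a stand-in for "page execution".

```csharp
using System;
using System.Security.Principal;
using System.Threading;
using System.Web;

public class Global : HttpApplication
{
    // Hypothetical helper: formats one identity, tolerating null and empty names.
    private static string Describe(IIdentity id)
    {
        if (id == null) return "(null)";
        string name = String.IsNullOrEmpty(id.Name) ? "(empty name)" : id.Name;
        return name + " [" + id.GetType().Name + ", authenticated=" + id.IsAuthenticated + "]";
    }

    // Hypothetical helper: records all four identities for one stage.
    private static void Dump(string stage, HttpContext ctx)
    {
        // OS thread token: the account Windows checks for file, registry and network access.
        string os = Describe(WindowsIdentity.GetCurrent());

        // Managed principal: what PrincipalPermission demands are evaluated against.
        IPrincipal tp = Thread.CurrentPrincipal;
        string managed = Describe(tp == null ? null : tp.Identity);

        // ASP.NET user: still null before the authentication modules have run.
        string user = Describe(ctx.User == null ? null : ctx.User.Identity);

        // Windows identity IIS associated with the client for this request.
        string logon;
        try { logon = Describe(ctx.Request.LogonUserIdentity); }
        catch (InvalidOperationException) { logon = "(not available at this stage)"; }

        ctx.Trace.Write("identity", String.Format(
            "{0}: os={1}; thread={2}; user={3}; logon={4}",
            stage, os, managed, user, logon));
    }

    protected void Application_BeginRequest(object sender, EventArgs e)
    { Dump("BeginRequest", Context); }

    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    { Dump("PostAuthenticateRequest", Context); }

    protected void Application_PreRequestHandlerExecute(object sender, EventArgs e)
    { Dump("PreRequestHandlerExecute", Context); }
}
```

The output appears in trace.axd once tracing is enabled in web.config; keep `localOnly="true"` on the `<trace>` element so the account names are not exposed to remote clients.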
