Now that you've authenticated users who access your site, what can you do with them? Authorization and impersonation happen automatically without your intervention, but what if you need to access information about the user explicitly? For example, imagine you built a forms authentication page where the user enters her username and password. Assuming authentication is successful, the user moves into the site, the first page of which needs to display a welcome message with the user's username.
This sounds like a simple task, but may be more involved than you think. If you didn't store the user's information from the login page manually, you won't have access to it on any other page, unless you ask the user for it again.
Luckily, ASP.NET has got you covered. When you implement security in your Web site, ASP.NET attaches what is known as a Windows principal (represented by the WindowsPrincipal class). The WindowsPrincipal class allows your applications to check information about the currently authenticated user.
Unfortunately, though, dealing with Windows principals and such is not a fun task. There is a whole slew of advanced security topics that deal with principals. ASP.NET has simplified the process for you so the Windows principal objects are behind the scenes and out-of-mind (but they are there if you need to use them).
The Page object has a User property that represents the currently authenticated user; it returns a WindowsPrincipal object. This object has only one property that we're interested in: Identity. The Identity property returns a WindowsIdentity object that contains the actual user information. (It's not as complex as it sounds you'll see once we get into an example.) The WindowsIdentity class has the properties listed in Table 21.1.
Table 21.1. WindowsIdentity Properties
|Property ||Description |
|AuthenticationType ||The type of authentication used to authenticate the user. |
|IsAnonymous ||Indicates if the user is anonymous. |
|IsAuthenticated ||Indicates if the user is authenticated. |
|IsGuest ||Indicates if the user is using the system Guest account. |
|IsSystem ||Indicates if the user is using the System account. |
|Name ||The user's logon name. |
|Token ||The Windows token for the user. |
The following code snippet shows how to display the current user's logon name:
sub Page_Load(Sender as Object, e as EventArgs) lblName.Text = User.Identity.Name end sub ... <asp:Label runat="server"/>
That's all there is to it. All you really need to know about Windows principals here is the User.Identity property. This will allow you access to the user's information.