How to use WindowsIdentity class in Windows Authentication in VB.NET

When your project is based on Windows authentication you can access some additional information about the currently authenticated user by casting the general identity object to a WindowsIdentity object. The next table lists additional members provided by WindowsIdentity:

 

Member

Description

IsAnonymousReturns true if the user is anonymous (has not been authenticated).
IsGuest

Returns true if the user is using a Guest account. Guest accounts are designed for public access and do not confer many privileges

IsSystemThis property returns true if the user account has the Act As Part of the Operating System permission, which means it is a highly privileged system account.
GroupsRetrieves a collection that contains instances of IdentityReference classes, which returns the SID values for the groups the user is in.
TokenThis property returns the Windows account token for the identity.
OwnerGets the SID for the token owner.
User

Gets the user’s SID. You can use this SID if you want to change permissions for this user on ACLs through the classes provided in the System.Security.AccessControl namespace.

Impersonate()You can use this method to run a code under the corresponding Windows account.
GetAnonymous()This static method creates a WindowsIdentity that represents an anonymous user.
GetCurrent()

This static method creates a WindowsIdentity that represents the identity tied to the current security context i.e. the user whose identity the current code is running under. By using this method in an ASP.NET application, you can retrieve the user account under which the code is running, not the user account that was authenticated by IIS and is provided in the User object.

 

You can use the next code line if you want to display extra Windows-specific information about the user:

 

If Request.IsAuthenticated Then

lblInfoText.Text = “<b>Name: </b>” + User.Identity.Name

Dim Identity As WindowsIdentity = DirectCast(User.Identity, WindowsIdentity)

lblInfoText.Text += “<br><b>Token: </b>”

lblInfoText.Text += Identity.Token.ToString()

lblInfoText.Text += “<br><b>Guest? </b>”

lblInfoText.Text += Identity.IsGuest.ToString()

lblInfoText.Text += “<br><b>System? </b>”

lblInfoText.Text += Identity.IsSystem.ToString()

End If

 

The next picture shows the result:

 

Showing Windows-specific user information in VB.NET

Showing Windows-specific user information in VB.NET