Question

I'm a little confused while trying to find out how ActiveDirectory and ASP.NET Membership work... I've created a new MVC project and removed the AccountController / Views. I've changed the Web.Config so that it uses ActiveDirectory and automatically authenticates users based on their current Windows login:

Web.Config

<authentication mode="Windows">
    <forms
    name=".ADAuthCookie"
    timeout="10" />
</authentication>

<membership defaultProvider="MyADMembershipProvider">
  <providers>
    <clear/>
    <add
       name="MyADMembershipProvider"
       type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
       connectionStringName="ADConnectionString"
       connectionUsername="MYDOMAIN\myuser"
       connectionPassword="xxx"
       />
  </providers>
</membership>

This works nicely, as I can do the following to get the user's username:

User.Identity.Name()  'Gives MYDOMAIN\myuser

Looking at the following actually makes me confused:

Threading.Thread.CurrentPrincipal.Identity.Name() 'Gives MYDOMAIN\myuser

1. Shouldn't the thread identity be IUSR_WORKSTATION or ASPNET_WP username?
2. What's the difference between Authentication and Impersonation?


Solution

myuser is the Authenticated user on that application, that's why your CurrentPrincipal is giving you MYDOMAIN/myuser. The application impersonates IUSR_WORKSTATION when it uses resources like the database, and is a completely different issue.

If you go to Project on your toolbar, and select ASP.NET Configuration, it will open a website that lets you access these settings and create users, roles etc.
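
The distinction asked about in the question can be observed directly. The following is an added example, not code from the original question or answer: a hypothetical `WhoAmIController` that reports the authenticated principal next to the Windows account the request thread actually runs under. It assumes an ASP.NET MVC project with `<authentication mode="Windows">`; the thread only runs under the caller's account when `<identity impersonate="true" />` is also set in `<system.web>`.

```vb
Imports System.Security.Principal
Imports System.Threading
Imports System.Web.Mvc

' Hypothetical controller (not from the original post) that reports which
' account answers each identity question for the current request.
Public Class WhoAmIController
    Inherits Controller

    Public Function Index() As ActionResult
        ' Authentication: who the caller proved to be. ASP.NET sets both of
        ' these to the authenticated principal, e.g. MYDOMAIN\myuser.
        Dim authenticatedUser As String = User.Identity.Name
        Dim threadPrincipal As String = Thread.CurrentPrincipal.Identity.Name

        Dim report As String
        ' OS security context: the Windows token of the executing thread.
        ' File, registry and integrated-security database access is checked
        ' against this account, not against User.Identity.
        Using osIdentity As WindowsIdentity = WindowsIdentity.GetCurrent()
            ' A primary (process) token reports None; an impersonation token
            ' reports Identification, Impersonation or Delegation.
            Dim impersonating As Boolean =
                osIdentity.ImpersonationLevel <> TokenImpersonationLevel.None

            report = String.Format(
                "User.Identity.Name             : {0}{4}" &
                "Thread.CurrentPrincipal        : {1}{4}" &
                "WindowsIdentity.GetCurrent()   : {2}{4}" &
                "Thread is impersonating        : {3}{4}",
                authenticatedUser, threadPrincipal,
                osIdentity.Name, impersonating, Environment.NewLine)
        End Using

        Return Content(report, "text/plain")
    End Function
End Class
```

Without impersonation the third line shows the worker process account while the first two show the caller; with `<identity impersonate="true" />` all three show the caller, so resource ACLs must then be granted to end users rather than to the service account.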

Licensed under: CC-BY-SA with attribution