When the ASP+ Windows authentication mode is used, ASP+ attaches a <b>WindowsPrincipal</b> object to the current request. This object is used by URL authorization when doing authorization and can be used programatically by the application to determine if a requesting identity is in a given role.
<div class="code"><xmp>
if( User.IsInRole("Administrators") )
{
DisplayPrivilegedContent();
}
</xmp></div>
With the WindowPrincipal class, roles are determined by NT group membership. Applications that wish to determine their own roles can do so by handling the <b>WindowsAuthentication_OnAuthenticate</b> event in their global.asax file and attaching their own class that implements <b>System.Security.Principal.IPrincipal</b> to the request, as shown in the following example.
<div class="code"><xmp>
// create a class that implements IPrincipal
public class MyPrincipal : IPrincipal
{
// implement application-defined role mappings
}
// in a global.asax file
public void WindowsAuthentication_OnAuthenticate(Object Source, WindowsAuthenticationEvent e)
{
// attach a new application defined class that implements IPrincipal to
// the request
// Note that since IIS has already performed authentication, we use the provided
// identity
e.User = new MyPrincipal(e.Identity);
}
</xmp></div>
<p>
The following sample shows how to access the name of authenticated used, which is available in as <b>User.Identity.Name</b>. Programmers familiar with ASP should note that this value is also still available as the AUTH_USER server variable.
