First, I wrote the following code on the page to output three different credential types.
Response. Write ("thread:" + thread. currentprincipal. Identity. Name + "<br/> ");
Response. Write ("windws identity:" + windowsidentity. getcurrent (). Name + "<br/> ");
Response. Write ("httpcontext:" + User. Identity. Name + "<br/> ");
Thread: the identity of the output hosting thread.
Window identity: Output OS identity. Generally, it is nt authority \ network service, because. Net frameworkboarding is in w3wp.exe (IIS> 6.0 ).
Httpcontext: identifies the current context credential.
If you are using Windows authentication, thread and httpcontext are empty, but Windows identity is: nt authority \ network service.
Therefore, if you set impersonate = 'true', then Windows identity: nt authority \ IUSR
Because impersonate simulates the window account.
If you are using Forms authentication, log on:
Thread: Gary
Windws identity: nt authority \ Network Service
Httpcontext: Gary
So we can see that thread and httpcontext are set in the hosting environment. By the way, when you enable Windows authentication, you want to set form authentication to enable authority.
<Authorization>
<Allow roles = "role1"/>
<Deny users = "*"/>
</Authorization>
The error 401 unauthority is always returned. Because it is not an adminstrate Group