I was recently asked how to identify the user your ASP.NET application uses to authenticate as. This can be a simple question or a bit more involved. Let’s start with the simple answers first.
Default Accounts:
Windows XP, Windows 2000, and earlier (you should NOT be caring about earlier!):
ASPNET – this is created automatically by the .NET Framework
Windows Vista, Windows 2003, and newer:
NETWORK_SERVICE
Overridden Examples:
Just because that is the default, it doesn’t mean that it is that way for your application. The first place to check is in the Advanced Settings for your Application Pool. This should tell you the account your application will default to if you don’t override it within your application.
Next, you can check your web.config to see if you’re application is impersonating a user. This is the next level of defaults to check. (and perhaps machine.config too, but you should probably NOT be overriding it there!) This will override the above defaults.
Now that you have checked there, the next thing to do is identify what type of IIS Authentication is being used. If anonymous, then you’re done – it will default to the above defaults in that overriding order. If you’re using ASP.NET impersonation, then that should default to the above as well. If you’re using Basic, Digest, Forms, or Windows authentication, then the authentication will be based on the user that the end-user logs in as.
Things can get even trickier if you do things in code, but generally this will figure it out for you.
-Shane