Well, I think the title is clear enough.
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
The biggest difference is that they do not have to be the same.
Generally speaking, HttpContext.Current.User is the logon user (when it is called on a worker thread) while Thread.CurrentPrincipal is the worker process identity.
On IIS 5.x, Thread.CurrentPrincipal by default is ASPNET. On IIS 6 and above, Thread.CurrentPrincipal by default is Network Service (or the application pool identity you change to).
To make it complex, if you enable ASP.NET impersonation, then both of them might be the same as the logon user.
Try to read some really good books on this topic and Microsoft MSDN articles,
http://msdn.microsoft.com/en-us/library/ms998351.aspx
Another suggestion is to use a debugger to attach to the worker process and check those at runtime. That can give you a better look.
Note that
HttpContext.Current.Useris not the best way to query
logon user identity. You should stick toPage.Userfor WebForms, and
Controller.Userfor MVC, andApiController.Userfor Web API.
Method 2
Another big difference is that your code doesn’t always have access to the HttpContext. (For example if you have all of your BL in an assembly that may or may not be used from a web application) While they two user accounts can be different, if you use the Thread.CurrentPrincipal then your code will always be able to get at that user object no matter where you are in your code.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0