Hey,

In theory, the first should give you the identity of the user that is running the currently executing thread, which when running under IIS, may well be the identity of the configured Application Pool, and the second should give you the name of the currently authenticated user to your site.

Now again, in theory, depending on how your web site is set up (for example, using impersonation), these two parameters could return the exact same user.

Gary