What is Thread.CurrentPrincipal, and what does it do?

Thread.CurrentPrincipal is the way .NET applications represent the identity of the user or service account running the process.

It can hold one or more identities and allows the application to check if the principal is in a role through the IsInRole method.

Most authentication libraries in .NET will verify the user's credentials and set this static property on the Thread class to a new principal object.

Different threads can have different principals as they may be handling requests from different users (in ASP.NET web applications HttpContext.User is copied into Thread.CurrentPrincipal for each new request)

Since .NET 4.5, all principal classes derive from ClaimsPrincipal, enabling claims based authentication.

UPDATE: This is what a WindowsPrincipal looks like on my dev box: