What Is The Difference Between Environment.UserName and WindowsIdentity.GetCurrent().Name? - אליק לוין

אליק לוין

The world of a Microsoft consultant

What Is The Difference Between Environment.UserName and WindowsIdentity.GetCurrent().Name?

I was doing a security code review of a WinForms app, and the code needed the current user's name in order to make security decisions. The code that was used looked like this:

string userName = Environment.UserName;

After that line, the userName variable holds the current user's name - perfect...

Not really. Consider the following code:

lblWindowsIdentity.Text = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
lblEnvironement.Text = Environment.UserName;

This would produce the following result:

The first one gives me the fully qualified name of the logged-on user, including her domain name, and the second one gives only the logon name.

Now, if I base my code only on userName (i.e. Environment.UserName) without the domain, then I'd surely be hacked by someone creating a local user with the same name as the domain one. Thus the following:

localMachine\Administrator

myDomain\Administrator

Would produce the same result - Administrator. But are these administrators the same?
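The comparison above as an added example (not code from the original post): a check keyed on the bare name next to one keyed on the account's SID, which differs between a local and a domain account of the same name. The class name, the method names and the SID value are constructed placeholders.

```csharp
using System;
using System.Security.Principal;

static class CurrentUserCheck
{
    // Constructed placeholder: SID of the single account that is trusted.
    // Replace with the real value for the domain account (see `whoami /user`).
    const string TrustedAccountSid =
        "S-1-5-21-1111111111-2222222222-3333333333-500";

    // Weak: the domain part is dropped, so localMachine\Administrator and
    // myDomain\Administrator both pass.
    static bool IsTrustedByBareName()
    {
        return string.Equals(Environment.UserName, "Administrator",
                             StringComparison.OrdinalIgnoreCase);
    }

    // Stronger: compare the account SID. A local account carries the
    // machine's SID prefix, a domain account carries the domain's, so two
    // accounts with the same logon name never compare equal. The SID also
    // stays the same if the account is renamed.
    static bool IsTrustedBySid(WindowsIdentity identity)
    {
        if (identity == null || identity.User == null)
            return false; // no usable account SID: deny
        SecurityIdentifier trusted = new SecurityIdentifier(TrustedAccountSid);
        return identity.User.Equals(trusted);
    }

    static void Main()
    {
        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
        {
            Console.WriteLine("Environment.UserName : " + Environment.UserName);
            Console.WriteLine("WindowsIdentity.Name : " + identity.Name);
            Console.WriteLine("Account SID          : " + identity.User);
            // AccountDomainSid is null for SIDs that are not account SIDs
            Console.WriteLine("Issuing domain SID   : " + identity.User.AccountDomainSid);
            Console.WriteLine("Trusted by bare name : " + IsTrustedByBareName());
            Console.WriteLine("Trusted by SID       : " + IsTrustedBySid(identity));
        }
    }
}
```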

Here is more on that: http://www.cthrall.com/blog/?p=21

Cheers