How do I impersonate the original caller?

From Guidance Share

Jump to: navigation, search

J.D. Meier, Prashant Bansode, Alex Mackman


ASP.NET does not impersonate the original caller by default. If you need to impersonate the original caller, set the mode attribute of the <authentication> element in the Web.config file to Windows and the impersonate attribute of the <identity> element to true. In IIS, disable anonymous access and select Integrated Windows authentication mechanism. If you do not do this, the ASP.NET application will impersonate the anonymous IIS account IUSR_machineName. Impersonate original caller to access all the local resources from ASP.NET application using original user’s security context. With impersonation you can use operating system auditing because you can track which users have attempted to access specific resources. You can also enforce access controls on the resources for individual user accounts. For impersonating original caller, configure the web.config as follows.

<authentication mode="Windows" />
<identity impersonate="true" />

More Information

For more information on using impersonation, see “How To: Use Impersonation and Delegation in ASP.NET 2.0” at

Personal tools