When do I use impersonation in ASP.NET 2.0?

From Guidance Share

Jump to: navigation, search

J.D. Meier, Prashant Bansode, Alex Mackman

Answer

You should use impersonation in an ASP.NET application when you need to access local resources using security context of the original caller or a fixed identity. Impersonation of the authenticated caller is established with the following configuration

<identity impersonate="true"/>

By default any resources accessed by ASP.NET application are accessed under the security context of the ASP.NET process identity. In IIS 6.0 that is the NT Authority\Network Service account by default. Furthermore, impersonation can be fixed for the lifetime of the entire HTTP request or it can be enabled programmatically.

More Information

For more information on using impersonation, see “How To: Use Impersonation and Delegation in ASP.NET 2.0” at http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGHT000023.asp

Personal tools