Question - When do I use impersonation in ASP.NET 2.0

J.D. Meier, Alex Mackman, Blaine Wastell, Prashant Bansode, Andy Wigley, Kishore Gopalan

Applies to

ASP.NET 2.0

Answer:

You should use impersonation in an ASP.NET application when you need to access local resources using security context of the original caller or a fixed identity. Impersonation of the authenticated caller is established with the following configuration

<identity impersonate="true"/>

By default any resources accessed by ASP.NET application are accessed under the security context of the ASP.NET process identity. In IIS 6.0 that is the NT Authority\Network Service account by default. Furthermore, impersonation can be fixed for the lifetime of the entire HTTP request or it can be enabled programmatically.

Additional Resources

For more information on using impersonation, see "How To: Use Impersonation and Delegation in ASP.NET 2.0" at http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGHT000023.asp

Attributes

Author: J.D. Meier, Alex Mackman, Blaine Wastell, Prashant Bansode, Andy Wigley, Kishore Gopalan

Category: Impersonation and Delegation

filePath: ..\Libraries\patterns & practices Library\faq\d1e35d55-97ea-44d1-adaf-ec9cc4e8de43.xml

Pri: 2

Rule Type: Implementation

Source: patterns & practices Library

Status: Release

Technology: ASP.NET 2.0

Title: Question - When do I use impersonation in ASP.NET 2.0

Topic: Security

Type: Question and Answer

ID: d1e35d55-97ea-44d1-adaf-ec9cc4e8de43