Home   |   QuickStart Welcome   |   ASP.NET   |   Web Services   |   How Do I...?   
  |   I want my samples in...      

ASP.NET 2.0 Quickstart Tutorials

User Account Impersonation

As mentioned in the Security Overview, impersonation is the ability of a thread to execute in a security context different from that of the process owning the thread. What this means for a Web application is that if a server is impersonating, it is doing work using the identity of the client making the request.

By default, ASP.NET does not do per-request impersonation. This is different from ASP, which does impersonate on every request. If desired, you can configure an application to impersonate on every request with the following Configuration directive:

<identity impersonate="true" />

Since ASP.NET does dynamic compilation, enabling impersonation requires that all accounts have read/write access to the application's Codegen directory (where dynamically compiled objects are stored by the ASP.NET runtime) as well as the global assembly cache (%Windir%\assembly). Some applications require impersonation to be enabled for ASP compatibility or to use Windows authentication services.