ASP.NET Impersonation for a specific user

Impersonation is the way to control the identity that is used to execute the application. By default impersonation is disabled and the default ASPNET account is used for that purpose.

However it is possible to enable impersonation so that the application can be run by a different user with different permission levels. To enable impersonation you can edit the web.config file and change the line,

<identity impersonate="false" /> to that of
<identity impersonate="true" />.

This will enable impersonation. If you want to run the application as a different user, you can do so by using the following code,

<identity impersonate="true" username="user_name" password="user_password" />

Impersonation is usually used to control access to the resources available. Care must be taken while implementing impersonation since some of the user might have administrative privileges.

With such permission they might have access to all resources which might be undesirable. So use impersonation with care when you are implementing it for a particular user.