Implementing Impersonation in ASP.NET

It is easy to implement impersonation in ASP.Net. You can use the Web.config file that is found in the root directory of the application to enable or disable impersonation for a particular application.

The application can also use the authenticated identity that is received from the IIS if you enable impersonation. If you are going to implement impersonation for an ASP.Net application you can do so in three ways.

Just open up the web.config file, found in the root directory of the application. By default impersonation is disabled and you can find this with the line,

<identity impersonate="false" />

With the above settings the application worker process account for the ASP.Net application is used. You can enable impersonation by,

<identity impersonate="true" />

With this setting an authenticated user account or the anonymous internet user account is used. If you want to enable impersonation for a particular user account then you have to use the following syntax.

<identity impersonate="true" userName="user_name" password="user_password" />

By mentioning the user like this ASP.Net uses that account specifically to run the application.