Identity Impersonation in .NET

With impersonation enabled the application code is relieved off the duty to authenticate and authorize a particular user. Instead the IIS will be doing this to get the identity of the client.

Upon authentication the IIS passes a token to the application code. Based on the type of authentication token, the application uses the NTFS settings of the directories to allow the user access to them. By default impersonation is disabled and the token for the anonymous user is given to the application.

To enable impersonation you have to use a configuration file at the application root level. For this you can put a configuration file in the application root directory. In that configuration file you should have a line like,

< identity impersonate = “false” />

which is the default setting. To enable impersonation you have to change that attribute value of ‘impersonate’ to that of ‘true’. This would enable impersonation. To impersonate a particular user the syntax would be,

<identity impersonate = “true” name = “name_of_user” password = “pwd_for_user” />

With such impersonation the entire application will run as “name_of_user”.