.NET Security and Cryptography

Implementing ASP.NET Impersonation

Impersonation, instead of writing ASP.NET code for authentication and authorization, employs IIS to authenticate the user. If the user is authenticated, it passes an authenticated token to the ASP.NET application; otherwise, it passes an unauthenticated token. In an ASP.NET application, if the impersonation is enabled, ASP.NET assumes the client identity and relies on the settings in the NTFS directories and files to permit or deny the request. If impersonation is disabled, it runs with the local machine identity. For ASP compatibility, impersonation is disabled by default.

To enable impersonation, configure the configuration file in the application root directory as follows.

 <identity impersonate="true" name="Username" ...

Get .NET Security and Cryptography now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

.NET Security and Cryptography by Peter Thorsteinson, G. Gnana Arun Ganesh

Implementing ASP.NET Impersonation

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly