What is Identity Impersonation?

4 views
Skip to first unread message

.NetIndia

unread,
Oct 21, 2005, 7:21:55 AM10/21/05
to dotNetIndia
 
 
What is Identity Impersonation?
 


--
Regards,
.NetIndia Group,
"There is no delight in owning anything unshared."
"A book lying idle on a shelf is wasted ammunition. Like money, books must be kept in constant circulation. Lend and borrow to the maximum -- of both books and money! But especially books, for books represent infinitely more than money. A book is not only a friend, it makes friends for you. When you have possessed a book with mind and spirit, you are enriched. But when you pass it on you are enriched threefold."

Blog:http://dotnetindia.blogspot.com/
 

Thread

unread,
Oct 21, 2005, 12:41:58 PM10/21/05
to .NetIndia
Read this

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vsent7/html/vxconImpersonation.asp

Regards
Thread

BabuLives

unread,
Oct 25, 2005, 2:36:33 AM10/25/05
to .NetIndia
hai Groups..

Using impersonation, ASP.NET applications can optionally execute the
code using the identity of the client on whose behalf they are
operating.ASP will use Impersonation by default ie it will execute the
code using the client's account.But in ASP.Net it's not the case,it
does not use impersonation and instead executes all code using the same
user account as the ASP.NET process which is ASPNET (Alias of
MACHINE).In Internet Information Services (IIS) 6, the default identity
is the NetworkService account.

If you enable impersonation, ASP.NET can either impersonate the
authenticated identity received from IIS or one specified in the
application's Web.config file. You have the following three options
when configuring impersonation:

#Impersonation is disabled.
This is the default setting. For backward compatibility with ASP, you
must enable impersonation and change the ASP.NET process identity to
use the Local System account. In this instance, the ASP.NET thread runs
using the process token of the application worker process regardless of
which combination of IIS and ASP.NET authentication is used. By
default, the process identity of the application worker process is the
ASPNET account.

<identity impersonate="false" />

#Impersonation enabled.
In this instance, ASP.NET impersonates the token passed to it by IIS,
which is either an authenticated user or the anonymous Internet user
account (IUSR_machinename).

<identity impersonate="true" />

#Impersonation enabled for a specific identity.
In this instance, ASP.NET impersonates the token generated using an
identity specified in the Web.config file.

<identity impersonate="true" userName="domain\user" password="password"
/>

Note: Once IIS authenticate the request it will attach a token with
that request and then the request is passed to the ASP.Net

Regards,
Satheesh

Reply all
Reply to author
Forward
0 new messages