identity impersonation

Posted on 2005-04-25
Last Modified: 2012-08-14

I'm curious as to when it is appropriate to use <identity impersonate="true" /> in a web application?  Seems like a security nightmare.  Isn't it easier to just add appropriate permissions to the ASPNET account?  Any links / references / info would be appreciated.

Thanks - Trevor
Question by:trevorhartman
    LVL 15

    Assisted Solution

    well u can add it i gues sin cases...when u dont want to give access to aspnet account...and want some special account to handle it..which not necessarily is an administrator...

    and may be when u have subdirectories and u have diff web.config in each subdirectory ...

    may be i am nto sure...but that's a good question
    LVL 33

    Accepted Solution

    It's really good when you have an app where different users need different permissions.  For example, one of my applications has "personal folders", and only the person connected can access them, whether by the web application or through the normal file system.  Same concept applies if you are connected to sql server, and certain users have certain permissions to database objects.
    LVL 7

    Assisted Solution

    This causes the credentials to be passed from the end user.  So for instance if you wanted to give access to a web service only to specific users you would turn on identity impersonate in the web config and windows authentication in IIS.  Then you would give access to specific users or to a group that the users belong to the web service.  Its a great way to do security on a LAN.  Its pretty much useless on the open web.  We develop all of our intranet stuff this way.  

    The web config will inherit down from the root so you wont need other web configs to make it work.

    Hope that helps
    LVL 8

    Author Comment

    cool, thanks for the insight

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Suggested Solutions

    IntroductionWhile developing web applications, a single page might contain many regions and each region might contain many number of controls with the capability to perform  postback. Many times you might need to perform some action on an ASP.NET po…
    Problem Hi all,    While many today have fast Internet connection, there are many still who do not, or are connecting through devices with a slower connect, so light web pages and fast load times are still popular.    If your ASP.NET page …
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now