Impersonation:
Impersonation is the process of executing code in the context of another user identity. By default, all ASP.NET code is executed using a fixed machine-specific account. To execute code using another identity we can use the built-in impersonation capabilities of ASP.NET. We can use a predefined user account or user's identity, if the user has already been authenticated using a windows account.
We can use the impersonation in this two scenarios:
-
To give each web application different permissions.
-
To use existing Windows user permission.
These two scenario are fundamentally different. In the first one, impersonation defines a single, specific account. In this case, no matter what user access the application, and no matter what type of user-level security you use, the code will run under the account you've set. In the second one, the user must be authenticated by IIS. The web-page code will then execute under the identity of the appropriate user.
Implement Impersonation:
Impersonate the Microsoft IIS Authenticated Account or User:
To impersonate the IIS authenticating user on every request for every page in an ASP.NET application, we must include an <identity> tag in the Web.config file of this application and set the impersonate attribute to true.
<identity impersonate="true" />
Impersonate a Specific User:
To impersonate a specific user for all the requests on all pages of an ASP.NET application, you can specify the userName and password attributes in the <identity> tag of the Web.config file for that application.
<identity impersonate="true" userName="AccountNAME" password="Password" />