how can I tell if impersonation is working in ASP.Net web app?



In order for my ASP.Net application to access a database using my
privileged account, I was told to set up an app using Integrated
Windows authentication and to use impersonation. I set the app to use
Integrated Windows authentication and disabled anonymous access, and
made sure the application was set to
<authentication mode="Windows" />
in Web.config. I know I got that part working because when I access an
..aspx page with

User name: <%=User.Identity.Name%>

in it, it displays this when I load it in the browser:

User name: BENNETTS_3_2002\Owner

(where "BENNETTS_3_2002" is my machine name). I have also added this
tag inside the <system.web> tag in the Web.config file:

<identity impersonate="true"/>

However, is there any way to verify that now the code in the codebehind
file is running under my identity, i.e. that the impersonation is

The hack that I implemented was to put this code into: Page_Load:

System.Diagnostics.Process p = new System.Diagnostics.Process();
p.StartInfo.FileName = "C:\\Program Files\\Windows

and then after loading the page, I use Task Manager to see that it did
indeed launch a new instance of Wordpad.exe -- except that Wordpad.exe
is running under the "ASPNET" username, instead of my username. This
seems to suggest that impersonation is not, in fact working, and the
code is still running under the ASPNET username instead of under my
account. What can I check to see if I did something wrong?



Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question