What is the Use of <Identity Impersonate="true">

[Raghuram]

Hi,
What is the use of <Identity Impersonate="true" />
How can we implement this in an ASP.NET application
When are we supposed to use this.
please provide me the details with an Example.
Raghuram

 

[Lars-Erik Aabech]

Hi!

You can make your application run under another account than ASPNET. I.E.
you need access to the filesystem somewhere ASPNET doesn't have access. To
do this, you can insert the <identity> element in web.config like this:
<configuration>
<system.web>
<!-- anywhere you'd like inside system.web -->
<identity impersonate="true" userName="xx" password="xx"/>

If you're gonna use this on a production server, I recommend reading the
following article. It explains how you can move the user/pass values to the
registry instead of having them in clear text in web.config.
http://support.microsoft.com/default.aspx?scid=kb;en-us;329290

HTH,
Lars-Erik

 

[Scott Allen]

As Lars-Erik says, you can have the requests executing with a
different identity. Without a username and password in the element the
request will execute with the identity of the client, and you can
access resources on the server that the ASPNET / NETWORK SERVICE
accounts cannot get to.

 

[Brock Allen]

The other situation where you'd use this (in addition to the other replies)
is if your code needs to access a resource have you need to authenticate
as the user that's using your application. So every request would do security
checks with the credentials of the user making that request (as opposed to
a dedicated account when you specify a username/password). This requires
you to be using windows authentication.

-Brock
DevelopMentor
http://staff.develop.com/ballen