Reputation: 15928
asp.net web.config impersonation vs application pool identity
If I impersonate a user in the web.config but the application runs under an application pool which uses another identity, which identity would be used when you access resources (say files) on the server?
Another question, can you run a page under a separate identity from rest of the application?
Upvotes: 9
Views: 24264
Answers (2)
Reputation: 68400
When you access resources on the server the user will be the one specified on the impersonation configuration NOT the one on the application pool
Impersonation enabled for a specific identity. In this instance, ASP.NET impersonates the token generated using an identity specified in the Web.config file.
<identity impersonate="true"
userName="domain\user"
password="password" />
Impersonation enabled. In this instance, ASP.NET impersonates the token passed to it by IIS, which is either an authenticated user or the anonymous Internet user account.
<identity impersonate="true" />
Source: MSDN
In case you're interested, here you have an article with a Identity matrix for different impersonate scenarios.
And yes, you can impersonate programatically as Alex Dn said
Upvotes: 12
Reputation: 5553
1) In web.config.
2) You can do impersonation in code behind: http://support.microsoft.com/kb/306158
Upvotes: 0
Related Questions
- from web.config to IIS Application Pool Identities
- Impersonate tag in Web.Config
- Application pool identity or Impersonation
- In ASP.Net what is the difference between Authentication in IIS and in web.config
- WindowsIdentity.GetCurrent() vs Request.LogonUserIdentity?
- IIS App Pool Identity vs. Windows Account
- Impersonation in web.config
- IIS 7 - Authentication in IIS vs Authentication in web.config
- App pool identity versus impersonation identity?
- ASP.NET impersonations?