Using Impersonation and Delegation in ASP.NET
After reading Chapter 13 on getting users authenticated and reading this chapter on getting users authorized, you should have a good understanding of how to figure out getting users identities when they attempt to access a resource. One use for this information is to allow the server to impersonate the user or client. By default, in the machine.config file and the web.config file, impersonation is turned off (set to false). Listing 14.14 shows this element in its default setting from a web.config file. Enabling impersonation is quite easy; it requires you to set the impersonation attribute of the identity element to true. But wait, there's more. Before using this feature, there is a bit to understand ...
Get .NET Framework Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.