Security in .NET Impersonation

Impersonation in .Net allows you to run an application in a particular user account which is determined by you. Usually the account in which the application runs is ASPNET or NETWORK SERVICE depending on the version of IIS you are running in your machine.

With IIS 5.0 the ASPNET account is used and it is not possible to override this account in the web.config file. In the IIS 6.0 you can configure this in the web.config file so that you can run the application on a different user account.

In the web.config file you can include the line,
<identity impersonate = “true” /> to enable impersonation. You can also impersonate for a particular user with the syntax, <identity impersonate = “true” username = “user_name” password = “user_pwd” />

So with the configuration in the web.config file you can run the application under a different user account. Although you might have different authentication models the underlying account in which the application runs is not changed. The security context is not changed although authentication is a tool. With classic ASP, this is not possible.

Google, Yahoo, Facebook set aside rivalry to fight spam
The Web giants said they have teamed up with Bank of America, PayPal and others to combat spam and phishing.

Daily Record: Arrests
• Lance Hare, 28, Yankton was arrested Wednesday for breach of conditions by Yankton County.

Court notice to police for not filing FIR against Kumble
The Karnataka High Court Friday served notice to the Bangalore police commissioner for not registering an FIR against former cricketer Anil Kumble in an impersonation and forgery case.

Visit .NET Programming Tutorial Homepage

______________________________________________________

Recommended Resource

Amazon.com Widgets