Loading ...

Impersonation in ASP.NET | CodeAsp.Net

Impersonation in ASP.NET

 /5
0 (0votes)

Impersonation is used when we want our ASP.NET application to assume the identity of the local windows account instead of using custom authentication. In order to access any Windows resource on such systems, you have to configure your ASP.NET application to use impersonation. You can use these settings in web.config to turn on the impersonation:

<authentication mode="Windows" />
<identity impersonate="true"/>

By default ASP.NET runtime does not use impersonation (unless you enable it in web.config), and the code runs in an IIS 6/7 application pool by default (like on Windows 2003 and above). This IIS application pool runs under the NT AUTHORITY\Network Service identity. On an OS with IIS 5, the ASP.NET applications run in a worker process that uses the local ASPNET account identity.

Impersonation can be implemented in two ways:

1. Configured Impersonation: If you use <impersonation="true"> in web.config, you are using built-in impersonation capability in ASP.NET. This will let the user impersonate for the entire duration of the request.

2. Programmatic Impersonation: You can write custom code using Windows API method calls in C#/VB.NET (as .NET does not have a managed wrapper for this) to impersonate a user for the entire duration of a request. If you want more control, such as the ability to impersonate a user for only part of the page request, you have to do the impersonation yourself in your code following this approach. Here you need to use WindowsIdentity.Impersonate() method as shown in this article: http://msdn.microsoft.com/en-us/library/ms998351.aspx

For impersonating users across the domain, we need to use delegation: http://msdn.microsoft.com/en-us/library/ms998355.aspx

Windows authentication and Impersonation are very useful when you are developing a web application for Intra-net systems.But it is less-flexible than using custom authentication.

Comments (no comments yet)

Top Posts