Impersonation, instead of writing ASP.NET code for authentication and authorization, employs IIS to authenticate the user. If the user is authenticated, it passes an authenticated token to the ASP.NET application; otherwise , it passes an unauthenticated token. In an ASP.NET application, if the impersonation is enabled, ASP.NET assumes the client identity and relies on the settings in the NTFS directories and files to permit or deny the request. If impersonation is disabled, it runs with the local machine identity. For ASP compatibility, impersonation is disabled by default. To enable impersonation, configure the configuration file in the application root directory as follows . [View full width]
|