What is Impersonation and How to Use it in ASP.NET


Impersonation is the process used by ASP.NET to execute code in the context of an authenticated and authorized user.

When IIS receives a request, it checks whether the user is authorized. By default, all ASP.NET code is executed using a fixed machine-specific account. To change that account, use impersonation.

Behind the Scenes

Let's go a bit deeper to understand its use. Each time a request reaches the IIS server, ASP.NET runs a security check to determine whether the user is authorized. In most cases ASP.NET runs under the machine-specific user account.

Consider a scenario where you are logged on to a web application with your credentials and you access a page that calls a web service on another computer. In this case your identity is not presented to the web service's server; instead, the network credential (the IIS credential) is used for authentication.

For this reason, you can use impersonation so that your credentials, instead of the network credentials, are used for authentication on the second computer.

In ASP.NET you can do this in two ways:
  • Use an anonymous internet user account/authenticated user account.
  • Use a specific user account.
Both are configured by setting the impersonate attribute to "true" in the identity element of the web.config file.
  <identity impersonate="true" />
In this case ASP.NET impersonates the authenticated user or an anonymous internet user account.
  <identity impersonate="true" userName="domain\username" password="password" />
In this case ASP.NET impersonates a specific user account.
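
A fuller web.config showing where the identity element sits and the settings that usually accompany it, as an added example that is not from the original post. The Windows authentication and authorization settings, the integrated-mode validation switch, the aspnet_regiis command and the "/SampleApp" path are assumptions beyond what the post shows.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example, not from the original post. Account names and paths are placeholders. -->
<configuration>
  <system.web>
    <!-- IIS hands ASP.NET the Windows token of the logged-on user. -->
    <authentication mode="Windows" />

    <!-- Reject anonymous requests ("?"), so impersonation never falls back
         to the anonymous internet user account. -->
    <authorization>
      <deny users="?" />
    </authorization>

    <!-- Variant 1: run request code as the authenticated caller. -->
    <identity impersonate="true" />

    <!-- Variant 2 (use instead of variant 1): run as one fixed account.
         The password sits in clear text in this file, so give the account
         only the rights the application needs and encrypt the section, e.g.
           aspnet_regiis -pe "system.web/identity" -app "/SampleApp"
         ("/SampleApp" is a placeholder virtual path).
    <identity impersonate="true" userName="domain\username" password="password" />
    -->
  </system.web>

  <system.webServer>
    <!-- Assumption: the site runs in an IIS 7+ integrated-mode application pool.
         There the identity element above is flagged at startup (HTTP 500.24)
         unless this validation is switched off or the pool uses classic mode. -->
    <validation validateIntegratedModeConfiguration="false" />
  </system.webServer>
</configuration>
```

With variant 1, file and network access made during the request is checked against the caller's account, so NTFS permissions on the application's resources must be granted to the users rather than only to the machine-specific account.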

Happy Coding...
