Impersonation is the process of executing code in the context of another user identity. By default, all ASP.NET code is executed using a fixed machine-specific account. To execute code using another identity we can use the built-in impersonation capabilities of ASP.NET. We can use a predefined user account or user's identity, if the user has already been authenticated using a windows account.
We can use the impersonation in this two scenarios:
- To give each web application different permissions.
- To use existing Windows user permission.
These two scenario are fundamentally different. In the first one, impersonation defines a single, specific account. In this case, no matter what user access the application, and no matter what type of user-level security you use, the code will run under the account you've set. In the second one, the user must be authenticated by IIS. The web-page code will then execute under the identity of the appropriate user.
Impersonate the Microsoft IIS Authenticated Account or User:
To impersonate the IIS authenticating user on every request for every page in an ASP.NET application, we must include an
<identity impersonate="true" />
Impersonate a Specific User: