Sunday, August 30, 2009

ASP.Net Impersonation

Scenario:
ASP.Net provides impersonation options, but I still find few people not very sure about what is it and how to use it in ASP.net.

Details:
Impersonation is important security feature which enables the ability to control the identity under which code is executed. Impersonation is when ASP.NET executes code in the context of an authenticated and authorized client. By default, ASP.NET does not use impersonation and instead executes all code using the same user account as the ASP.NET process, which is typically the ASPNET account.

This is contrary to the default behavior of ASP and SharePoint, which uses impersonation by default.

Enabling Impersonation from Web Config:

<identity impersonate="true" />
Impersonation enabled for a specific identity:
<identity impersonate="true" userName="domain\user" password="password" />
Disabling Impersonation from Web Config fully:
<identity impersonate="false" />
Disabling Impersonation from Code for sometime:
<identity impersonate="true" />
using System.Web.Hosting; //Add Reference to System.Web.dll

//Any code here will runs as the application pool user

using (HostingEnvironment.Impersonate()) {
//Code here will runs as logged on user
}

//Any code here will runs as the application pool user
Articles:
ASP.Net impersonation

1 comments:

Term Papers May 13, 2010 at 5:35 AM  

I have been visiting various blogs for my term papers writing research. I have found your blog to be quite useful. Keep updating your blog with valuable information... Regards