Impersonation is when ASP.NET executes code in the context of an authenticated and authorized client.
By default, ASP.NET does not use impersonation and instead executes all code using the same user account as the ASP.NET process, which is typically the ASPNET account (you can refer to the ASP.NET basics for more on this). That means that when you install IIS and the .NET Framework together, the process that hosts all the .NET applications in IIS runs, by default, with the ASPNET account's permissions (unless you change it manually). You can see an account called ASPNET created on your system. This account exists only to execute the ASP.NET application processing thread in the context of IIS.
When we perform I/O operations, the operating system makes security checks to determine whether the user is authorized to perform the operation. The same thing happens when you try to perform operations on another machine in your network.
Using impersonation, ASP.NET applications can optionally execute the processing thread using the identity of the client on whose behalf they are operating.
· You usually use impersonation for resource access control.
· For example, accessing a network resource, or reading and writing to a specific folder on the system outside the wwwroot folder, requires the necessary impersonation. Alternatively, you could grant IUSR or ASPNET read and write access in the folder permissions.
· The same can be used for database access, etc.
You can impersonate an identity by adding the following to the web.config:
<identity impersonate="true" userName="your domain\your user" password="your password" />
In IIS 7.0 and above turn on the below config
Note: Impersonation is local to a particular thread. When code changes threads, such as when using thread pooling, the new thread executes using the process identity by default.
I hope that clarifies your confusion about the concept a little.
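The note about impersonation being local to a thread can be checked with a small diagnostic handler. This is an added example, not code from the original post; it assumes .NET Framework with System.Web, impersonation enabled in web.config, and a hypothetical handler name `WhoAmIHandler`.

```csharp
using System;
using System.Security.Principal;
using System.Threading;
using System.Web;

// Hypothetical diagnostic handler: reports which Windows account each thread runs as.
public class WhoAmIHandler : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // Identity the OS uses for access checks on the request thread.
        // With impersonation enabled this is the impersonated account;
        // without it, this is the worker process account.
        WindowsIdentity caller = WindowsIdentity.GetCurrent();
        string onRequestThread = caller.Name;

        string onWorkerBefore = null;
        string onWorkerDuring = null;

        var worker = new Thread(() =>
        {
            // Impersonation is per thread: under ASP.NET's default settings
            // this is expected to be the process identity, not the caller.
            using (WindowsIdentity current = WindowsIdentity.GetCurrent())
            {
                onWorkerBefore = current.Name;
            }

            // Re-apply the captured identity for the scope of this block only.
            using (WindowsImpersonationContext ctx = caller.Impersonate())
            using (WindowsIdentity current = WindowsIdentity.GetCurrent())
            {
                onWorkerDuring = current.Name;
            } // Disposing the context reverts the thread to its previous identity.
        });
        worker.Start();
        worker.Join();   // Keep 'caller' alive until the worker has finished.
        caller.Dispose();

        context.Response.ContentType = "text/plain";
        context.Response.Write("Request thread:               " + onRequestThread + "\n");
        context.Response.Write("Worker thread (as started):   " + onWorkerBefore + "\n");
        context.Response.Write("Worker thread (re-applied):   " + onWorkerDuring + "\n");
    }
}
```

If the second line shows the process account while the first shows the impersonated one, any file, network or database access done on background threads is being authorized as the process account rather than the impersonated identity.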