asp.net impersonation identity: Where does it come from?

Posted by Rising Star on Stack Overflow See other posts from Stack Overflow or by Rising Star
Published on 2010-06-08T19:41:26Z Indexed on 2010/06/08 19:52 UTC
Read the original article Hit count: 172

Here's a simple question I've been stuck on for a while.

When I set < identity impersonate=true > in my web.config so that asp.net impersonates the logged on user automatically (or the anonymous account if not using Windows Authentication), where does the identity that asp.net impersonates come from?

This document: http://msdn.microsoft.com/en-us/library/ff649264.aspx shows three places you can retrieve information about the logged on user:

  • Httpcontext.Current.user
  • System.Threading.Thread.Current
  • System.Security.Principal.WindowsIdentity.GetCurrent
  • It seems that none of these locations consistently match the identity that gets impersonated when I set < identity impersonate=true > in web.config.

    I would like to know where the impersonated identity comes from.

    © Stack Overflow or respective owner

    Related posts about ASP.NET

    Related posts about security