asp.net impersonation identity: Where does it come from?
- by Rising Star
Here's a simple question I've been stuck on for a while.
When I set < identity impersonate=true > in my web.config so that asp.net impersonates the logged on user automatically (or the anonymous account if not using Windows Authentication), where does the identity that asp.net impersonates come from?
This document: http://msdn.microsoft.com/en-us/library/ff649264.aspx shows three places you can retrieve information about the logged on user:
Httpcontext.Current.user
System.Threading.Thread.Current
System.Security.Principal.WindowsIdentity.GetCurrent
It seems that none of these locations consistently match the identity that gets impersonated when I set < identity impersonate=true > in web.config.
I would like to know where the impersonated identity comes from.