When using impersonation, ASP.NET applications can execute with the Windows identity (user account) of the user making the request. Impersonation is commonly used in applications that rely on Microsoft Internet Information Services (IIS) to authenticate the user.
ASP.NET impersonation is disabled by default. If impersonation is enabled for an ASP.NET application, that application runs in the context of the identity whose access token IIS passes to ASP.NET. That token can be either an authenticated user token, such as a token for a logged-in Windows user, or the token that IIS provides for anonymous users (typically, the IUSR_MACHINENAME identity).
< configuration > < system.web > < identity impersonate="true"/ > < /system.web > < /configuration >
You can also add support for specific names to run an application as a configurable identity, as shown in the following example:
< identity impersonate="true" userName="contoso\Jane" password="********" / >