IMPERSONATION - Not commonly used in applications. But when the time calls for it, there are a number of ways for impersonating a User or Windows account in your applications.
This can be achieved by:
- Changing the App.Config or Web.Config of your application, or
- Setting IIS to run under the context of a Windows Service Account, or
- Specifying the application pools to run under the context of a Windows Service Account
However, most of the above options are very locked down. Once this has been set up it may be very troublesome to gain Server access to change any of these settings. But what if you want the flexibility to be able to run sections of your code using different Windows Service Accounts? What this means is that it will give you, as the developer, control over which Service Account your functions will be executing under.
This opens up a wide variety of design decisions and security implications to consider. For example: You can have one Account for all database operations, a second account for reading files from the file system, and a third account for writing to the file system.
In this article, I will show you how you can enable Impersonation across multiple sections of your application code…