Home/ Questions/Q 8323089
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-08T23:36:35+00:00

Please consider this scenario: I have a web site that host behind IIS 7.0

  • 0

Please consider this scenario:

I have a web site that host behind IIS 7.0 . Almost every IIS setting are defaulr settings. I have a folder for upload files that ASP.Net user had write access to it.currently IIS manager cancel this write access and he want to add a local user in Windows Server that this user can has write access to that folder. Now my question is how I can Impersonate user in asp.net and if this method is secure? I want all the request execute on server according to default IIS user but I want just impersonate for upload a file.

thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    What you need is partial impersonation. you don’t need all request to be impersonated but only a few call should be impersonated. i think you must have a look at this article.

    http://support.microsoft.com/kb/306158

    this is how it impersonate a piece of code under logged in user’s credentials while rest of the call will be processed using default app Pool identity

    System.Security.Principal.WindowsImpersonationContext impersonationContext;
impersonationContext = 
    ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();

//Insert your code that runs under the security context of the authenticating user here.

impersonationContext.Undo();
    • 0