When client makes a request to the web server, web server will attach a user account to the client request under which processing of the web page will be taken. By submitting this user account web apge will access other resources on the network.
The default user account will be IUSR_SYSTEMNAME. But the user account can be changed according to the requirement. This process id called as impersonation.
The impersonation process can be implemented through web.config using Identity tag like below:
<Identity impersonate=”true” username=”user1″ password=”password” />
Authentication is the process of getting credentials of the client. The credentials can be user name, password security token so on.
Autherization is the process of verifying credentials to provide access to requested resources (web pages).
Asp.Net supports 3 types of Authentication: