To configure ASP.NET to impersonate the Windows iden.y supplied by IIS as the WindowsIden.y for the ASP.NET application, edit the Web.config file for the application and set the impersonate attribute of the iden.y configuration element to true, as shown in the following example..When using impersonation, ASP.NET applications can execute with the Windows iden.y user account of the user making the request. Impersonation is commonly used in applications that rely on Microsoft Internet Information Services IIS to authenticate the user. ASP.NET impersonation is disabled by default.. - BUT, what did I just do here? You are now running your website under the iden.y of the client user. Is there any security risk? That would depend on the permissions that this account has on the server. Usually it is bad practice to run a website with accounts that have lots of privileges. Ideally you should .Hi, I would like to know what exactly does the in the Web.config file mean? Does it give full access rights to ANYONE to do ANYTHING in ANY folder or does it only give the authenticated user his own rights as ASPNET or IUSR_MACHINENAME account? Thanks, Timmy..