WindowsIdentity.GetCurrent() vs Request.LogonUserIdentity?

Im trying to understand the difference between assigning permission in here :

vs

assigning via impersonation :

1) ive heard that impersonation is used to access resources rather than running exe process

ive tried to run an EXE Process with only impersonation to my user , with NO success.

Later i set the user to the application pool identity - (first picture here) and then i was able to run exe files.

• what are their job difference between those two ?

• if i set only the application pool identity ( and not impersonation) - will it be able to access external resources which has special permissions?

I think you misunderstood/mixed the definition of Pool Identity and Impersonate Identity

• Pool Identity is the identity IIS used to start your web application. So your web application will have all the access right to your system as this user.

E.g. If you set the Pool Identity to a low privileged user, you will find your web application cannot access the files on your system; but if you set the pool identity to Administrator, your web application can access everything on your system, even restart your computer. Yes, your security is screwed :P

• Impersonate Identity is the identity your web application thinks who made the request. More specifically, when you use WindowsIdentity.GetCurrent to get the current user identity. If you set the impersonation, you will get the fixed user identity. If you disabled impersonation, it will be the user's identity. This is usually helpful in a Windows domain.

PS:

hmmm...these two identities are not related. so you should not put them in a fight :)

Let met try this: Pool Identity is like your ID to your parents. They know who you are, how old you are, you cannot lie; Impersonate Identity is like your ID card, if you get a fake ID card, you can go to a bar under the age 21, and get drunk xD