asp.net web.config impersonation vs application pool identity

Question

If I impersonate a user in the web.config but the application runs under an application pool which uses another identity, which identity would be used when you access resour

Answer 1

When you access resources on the server the user will be the one specified on the impersonation configuration NOT the one on the application pool

Impersonation enabled for a specific identity. In this instance, ASP.NET impersonates the token generated using an identity specified in the Web.config file.

<identity impersonate="true"
      userName="domain\user" 
      password="password" />

Impersonation enabled. In this instance, ASP.NET impersonates the token passed to it by IIS, which is either an authenticated user or the anonymous Internet user account.

 <identity impersonate="true" />

Source: MSDN

In case you're interested, here you have an article with a Identity matrix for different impersonate scenarios.

And yes, you can impersonate programatically as Alex Dn said

Answer 2

1) In web.config.

2) You can do impersonation in code behind: http://support.microsoft.com/kb/306158

or Another article