In my login page, I impersonate the logged in user. The user has an account in AD and I have Integrated Security = true in my connection strings. This way, the user should have access to the database.
I impersonate using the code below in the login page
...tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)impersonationContext = tempWindowsIdentity.Impersonate()
Will this impersonation last until the users session ends? The application calls several other project dll's, which also call the DB, as well as a web service on another server which hits the same DB.
If not, how often do I need to call for impersonation? Lots of DB calls are made throughout.
In other words,
I need Forms Authentication with Anonymous access enabled so that I can show my login screen, but I also need the user's AD identity to be impersonated(preferably, set only once) throughout my application
