Know Your Tradeoffs with Impersonation
- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher
Be aware that impersonation prevents the efficient use of connection pooling if you access downstream databases by using the impersonated identity. This impacts the ability of your application to scale. Also, using impersonation can introduce other security vulnerabilities, particularly in multi-threaded applications.
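The pooling cost can be made concrete with a small model. The following is an added example, not code from the original guidance: it assumes a pooler that keeps a separate pool per connection string and caller identity, and the names `PoolManager`, `run`, `CONN_STR`, `svc-web` and the user list are constructed for illustration.

```python
from collections import defaultdict

CONN_STR = "Server=db01;Database=orders;Integrated Security=SSPI"  # constructed


class PoolManager:
    """Toy pooler: one pool per (connection string, identity) pair."""

    def __init__(self):
        self.idle = defaultdict(int)  # pool key -> idle physical connections
        self.opened = 0               # physical connections ever opened

    def acquire(self, conn_str, identity):
        key = (conn_str, identity)
        if self.idle[key]:
            self.idle[key] -= 1       # reuse an idle connection from this pool
        else:
            self.opened += 1          # nothing reusable: open a new connection
        return key

    def release(self, key):
        self.idle[key] += 1           # hand the connection back to its own pool


def run(requests, impersonate, concurrency=4, service_identity="svc-web"):
    """Replay caller names in arrival order, `concurrency` requests at a time.

    With impersonate=True the database is accessed as the original caller;
    otherwise every request uses the fixed service identity.
    """
    pools = PoolManager()
    for start in range(0, len(requests), concurrency):
        batch = requests[start:start + concurrency]
        held = [pools.acquire(CONN_STR, caller if impersonate else service_identity)
                for caller in batch]
        for key in held:
            pools.release(key)
    return {"opened": pools.opened,
            "pools": len(pools.idle),
            "idle": sum(pools.idle.values())}


# Constructed workload: 40 users, 5 requests each, interleaved (200 requests).
REQUESTS = [f"user{n:02d}" for _ in range(5) for n in range(40)]

if __name__ == "__main__":
    print("impersonated identity:", run(REQUESTS, impersonate=True))
    print("fixed service identity:", run(REQUESTS, impersonate=False))
```

In this model the same 200 requests need 40 physical connections spread over 40 pools when each caller's identity reaches the database, against 4 connections in a single pool when a fixed identity is used.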
You might need impersonation if you need to:
- Flow the original caller's security context to the middle tier and/or data tier of your Web application to support fine-grained (per-user) authorization.
- Flow the original caller's security context to the downstream tiers to support operating system level auditing.
- Access a particular network resource by using a specific identity.