Setting an Impersonation Level
When you set an impersonation level for an application, you determine what degree of authority the application grants other applications to use its identity when it calls them. You can set this only for COM+ server applications—library applications run under the identity of the hosting process and use the impersonation level that it specifies. For more detail, see Impersonation Levels.
To select an impersonation level
Right-click the COM+ application for which you are setting impersonation, and then click Properties.
In the application properties dialog box, click the Security tab.
In the Impersonation level box, select the appropriate level. The levels are as follows, ordered from granting least to greatest authority:
- Anonymous. The client is anonymous to the server. The server can impersonate the client, but the impersonation token (a local credential) does not contain any information about the client.
- Identify. The server can obtain the client's identity and can impersonate the client to do ACL checks.
- Impersonate. The server can impersonate the client while acting on its behalf, although with restrictions. The server can access resources on the same computer as the client. If the server is on the same computer as the client, it can access network resources as the client. If the server is on a computer different from the client, it can access only resources that are on the same computer as the server. This is the default setting for COM+ server applications.
- Delegate. The server can impersonate the client while acting on its behalf, whether on the same computer as the client. During impersonation, the client's credentials (both those with local and those with network validity) can be passed to any number of machines.