Pierre posted an entry bout impersonation in ASP.NET szenarios.

[Pierre]There are several scenario where you have to use the impersonation in ASP.NET. Consider, for example, you have to save and load files from a network share (file server). In that case, if the web site accept anonymous authentications, you have to impersonate a windows user who has enought privileges to access to that resource.

You have three choices (I guess):

1. Elevate the ASP.NET process identity - worse case since you could compromise the whole site security
2. Impersonate a windows user during the single call (http://blogs.msdn.com/shawnfa/archive/2005/03/22/400749.aspx)
3. Demand the task to a COM+ server application

I think that the last is the best since we have more security and maintenance control
[...]

I agree with him that "Demand the task to a COM+ server application" is the best way of the three he listed. But for me impersonation it is still a don't.

By the way i wanted to post this as a comment but "Comments on this post are closed". Yes this is some criticism on weblogs.asp.net :-) ...

So here my opinion as post in my blog:

Avoid impersonation! If you need to "redirect a binary that is located on a different box than the webserver to the client" utilize another IIS on the 2nd machine or write a service that returns the binary data.