
Explain how authorization works in ASP.NET.

ASP.NET impersonation is controlled by entries in the application's web.config file.

Though the default setting is no impersonation, it can be explicitly set using:

<identity impersonate="false"/>

With this setting, ASP.NET won't perform any authentication and runs with its own privileges. The default is an unprivileged account named ASPNET. It can be changed using a setting in the processModel section of the machine.config file.

Disabling impersonation runs the entire request in the context of the account running ASP.NET (ASPNET account or the system account).

The second possible setting is to turn on impersonation.
<identity impersonate="true"/>

Here, ASP.NET takes on the identity IIS passes to it. If anonymous access is allowed in IIS, the IUSR_ComputerName account is impersonated; otherwise, ASP.NET takes the authenticated user's credentials and uses them to make requests for resources.

A particular identity can be specified to use for all authenticated requests:
<identity impersonate="true" userName="DOMAIN\username" password="password"/>

With this, the requests are made as the specified user. The password is assumed to be correct. The drawback is that you must embed the user's password in the web.config file in plain text, which is a security risk.
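The following is an added example, not part of the original answer: a small Python audit that classifies a web.config into the three identity modes described above and flags a literal password. The function names and the sample configs are constructed for illustration; treating a password value that starts with registry: as non-plaintext assumes credentials stored in the registry with the aspnet_setreg tool.

```python
import xml.etree.ElementTree as ET

def classify(identity):
    """Map one <identity> element (or None) to (mode, finding)."""
    if identity is None or identity.get("impersonate") != "true":
        # Default or impersonate="false": runs as the ASP.NET process account.
        return ("process-account", None)
    user, password = identity.get("userName"), identity.get("password")
    if user is None and password is None:
        # ASP.NET takes on whatever identity IIS passes to it.
        return ("iis-identity", None)
    # Assumption: a "registry:" value points at aspnet_setreg-stored credentials.
    if password is not None and not password.startswith("registry:"):
        return ("fixed-identity", "plaintext password in web.config")
    return ("fixed-identity", None)

def audit_web_config(xml_text):
    """Classify every <system.web> section, including those under <location>."""
    root = ET.fromstring(xml_text)
    sections = list(root.iter("system.web"))
    if not sections:
        return [classify(None)]
    # Only <identity> directly under <system.web> is the ASP.NET setting.
    return [classify(section.find("identity")) for section in sections]

# Constructed sample configs (not taken from any real application).
NO_IDENTITY = r'<configuration><system.web/></configuration>'
IIS_IDENTITY = r'''<configuration><system.web>
  <identity impersonate="true"/>
</system.web></configuration>'''
FIXED_PLAINTEXT = r'''<configuration><system.web>
  <identity impersonate="true" userName="DOMAIN\username" password="password"/>
</system.web></configuration>'''
FIXED_REGISTRY = r'''<configuration><system.web>
  <identity impersonate="true"
    userName="registry:HKLM\SOFTWARE\ExampleApp\identity\ASPNET_SETREG,userName"
    password="registry:HKLM\SOFTWARE\ExampleApp\identity\ASPNET_SETREG,password"/>
</system.web></configuration>'''

if __name__ == "__main__":
    samples = [NO_IDENTITY, IIS_IDENTITY, FIXED_PLAINTEXT, FIXED_REGISTRY]
    for sample in samples:
        print(audit_web_config(sample))
```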