My humble applications running on IIS 6.0 hosted in a Windows Server 2003 box are in need of an upgrade to improve user security. The code is all done in ASP classic (not .NET) and I'm trying to figure out how to use the "impersonate" feature properly to work with Integrated Windows Authentication. We created a dedicated Windows account and gave it all the right access levels to view records, execute database commands, etc., so as to avoid having the users get direct read/write access. This was the security concern we were battling in this other post: http://www.webdeveloper.com/forum/sh...ure-web-access

Right now, users can pull up the web page, but it doesn't pass their logged on credentials to the server, therefore they are not able to view what they should.

What would be the correct way to "turn on" this "impersonate" feature for the established service account?

Please and thank you for all your help!