Hello,

I'm writing a web method which calls a COM+ method, which I need to
call with the user that logged on to windows and invoked the WebMethod
(impersonation).

Simple impersonation works (impersonte=true in web.config) - however, i
need that only a certain part of the code will run in this context. For
other parts, i need different grant opions.

So that where code-impersonation comes in (using
HttpContext.Current.User.Indetity and calling Impersonate()).

For example:

[WebMethod]
public void ConfusedMethod()
{
 // This lines will need some powerful grants
 WriteSomethingToEventLog();
 OpenFileInSystemDirectory();

 // This lines should be run with the user
 DoImpersonation();
 CallComComponent();
 UndoImpersonation();
}

THE PROBLEM IS:
i need the first lines to run with a differnet user. i dont want to use
2 impersonations.
i want all the other parts - which are not in the impersonation scope -
to run with a user ill configure in IIS (NOT "network service"!)

tried the following:
1 - configure the webservice to run as anonymous access, with a certain
user. but then Impersonate() doesnt work (exception - cant impersonate
with an anonymous user).

2  - configure the webservice as windows-integrated security. now i
want to decide which user will run the "default lines". so the only way
i see - is create an application pool with identity=MyDefaultUser.
when doing this, i get an http 401 error (unauthorized) if i try to
call the web service. the only user which works is if i call the
webservice with MyDefaultUser.

I DO set the credentials for the webservice (defaultCredentials) - so
thats not the problem.

whats the correct way to accomplish that?