There are several scenario where you have to use the impersonation in ASP.NET. Consider, for example, you have to save and load files from a network share (file server). In that case, if the web site accept anonymous authentications, you have to impersonate a windows user who has enought privileges to access to that resource.
You have three choices (I guess):
- Elevate the ASP.NET process identity - worse case since you could compromise the whole site security
- Impersonate a windows user during the single call (http://blogs.msdn.com/shawnfa/archive/2005/03/22/400749.aspx)
- Demand the task to a COM+ server application
I think that the last is the best since we have more security and maintenance control.