something I have found is that if you still allow anon users then impersonation wont work its still registers the user on the ASPNET user rather than trying to authenicate themif you turn off the annon users then it forces IIS to authenicate them and will allow them to impersonate properly if this causes a problem with the rest of you site then put it in to a sub folder and set the app setting on this area