Security impersonation is disabled by default with ASP.NET but can be enabled by appropriate configuration settings. For more information about ASP.NET security using impersonation, see ASP.NET Impersonation. For a discussion of the types of attacks your Web site may be subjected to, see Security Considerations for ASP.NET Web Applications. For a general discussion of ASP.NET security, see Securing Applications. For detailed information about configuration files, see ASP.NET Configuration.