I was looking for a table that showed how client authentication, server authentication and impersonate flag work together. I found many good examples and tutorials explaining how to make any combinaison work, but not a quick reference table.
So I made one. I tested on a Windows Server 2003 with ASP.NET version 2.0. I used wfecth as client to be sure of what was going on. Not every configuration makes sense in real life, but I included it for completeness. HTH !
|Client sends creds||Server require creds||Impersonate||Result|
|No||Yes||don't care||401 Unauthorized|
ps : Actually, NETWORK_SERVICE is the account the application pool is running under.