Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges.