Symptoms
In a Microsoft ASP.NET Web application, when you try to impersonate a user from a secondary thread, a System.Security.SecurityException exception may occur. When the System.Security.SecurityException exception occurs, you receive the following error message:

An unhandled exception of type ‘System.Security.SecurityException’ occurred in Unknown Module.
Additional information: Unable to impersonate user.This behavior occurs if all the following conditions are true: You enable impersonation in the Web.config file of your application.In the <processModel> element of the Machine.config file, the value of the userName attribute is specified as Machine to run the ASP.NET worker process in the security context of the ASPNET local user account.You use Integrated Windows authentication for your application.This behavior does not occur in Microsoft Windows Server 2003 or in Microsoft Windows 2000 Service Pack 4 (SP4).
Resolution
If you enable impersonation in the Web.config file of your ASP.NET Web application, only the primary thread of the application impersonates the user who you have specified. The secondary thread and the other threads that you start in your application use the security context of the ASPNET local user account. However, only the impersonated user account can access the Thread object for the secondary thread. Because the ASPNET user account lacks the rights to access this Thread object, you cannot impersonate a user from the secondary thread.