Impersonating and Windows Authentication

Hi :-)

I'm having some trouble with LDAP and Active Directory on Win2k3

I use Windows Authentication and the code
System.Threading.Thread.CurrentPrincipal.Identity.Name gives me the correct
credentials when logged in.

When I create user in AD i get an error. I have 4 scenarioes - one work and
one don't. I'm very confused:

1) Does not work
- <identity impersonate="true"/> in web.config
- No impersonating by code
- No credentials are sent together with LDAP string [new
DirectoryEntry("mypath")]

Error message: System.Runtime.InteropServices.COMException: An operations
error occurred.
- I can't read from AD

2) Does not work
- <identity impersonate="true"/> in web.config
- No impersonating by code
- Credentials are sent together with LDAP string [new
DirectoryEntry("mypath", "username", "password", AuthenticationTypes.Secure);]

Error message: An operations error occurred
- I can read from AD

3) Does not work
- <identity impersonate="false"/> in web.config
- I "code-imporsonates" with the _same credentials_ I use for login
- No credentials are sent together with LDAP string

Exception Details: The specified directory service attribute or value does
not exist.
- I can't read from AD

4) Works!
- <identity impersonate="false"/> in web.config
- I "code-imporsonates" with the _same credentials_ I use for login
Credentials are sent together with LDAP string [new DirectoryEntry("mypath",
"username", "password", AuthenticationTypes.Secure);]

What is the difference between <identity impersonate="true"/> in web.config
and manual code impersonation?

What is the correct approch for user to manage AD from asp.net loged in with
Windowd credentials ?

--

Jesus Loves You
.