I just finished reading a dozen or so posts about impersonation, and I am still unclear how to get it to work.
DNN 5.4.4 w/ AD provider version 5.0.2
IIS 6 on Windows 2k3 standard server.
.NET 3.5


I am using a service account specifically for impersonation. The AD account has change access to all the required directories on the web and system folders.
I had originally setup DNN with AD authentication and used the service account to setup the the AD extension in DNN. Worked great, service account sees the DC and authenticates, Green check marks, etc.. users all authenticate and all is peachy.

I then make the required changes for impersonation.
1) I changed the web.config file adding impersonation with the service account credentials.

<!-- Forms or Windows authentication -->
<identity impersonate="true" userName="DOMAIN\UserID" password="pa$$word"/>
<authentication mode="Forms">
<forms name=".DOTNETNUKE" protection="All" timeout="60" cookieless="UseCookies" />
</authentication>

2) I changed the Identity in the ASP.NET App Pool to the service account credentials.
3) I refreshed the App Pool and restarted my web service.
4) Open my browser and added the http:// address to my trusted sites list.
5) Browse to my intranet site and immediately get prompted with a Windows logon box for my windows credentials.
6) I enter my credentials multiple times and it fails with "Error: Access is Denied."
7) Just for giggles I tried multiple user ID's and multiple URL addresses including the WindowsSignin.aspx.

Do I need to change my App Pool identity? And shouldn't it work with any domain ID in my App Pool as long as they have the correct permissions?
Thanks...

Thanks for your reply Mike!  I am glad I had it right, except for the App Pool identity.
Unfortunately, I am pretty sure I need to use a domain ID for the App Pool identity so that I can access some UNC paths for network resources.  (example: DMX document management)
Do you know of a configuration that will work with a domain ID in the App Pool?
Thanks..