Hey, thanks for that...works great.

Reference Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication on the MSDN site. It'll give you plenty of answers! Briefs on Your questions: See the aforementioned link. Not sure about that, but impersonation itself is a slight perfomance hit aggregated onto the overall performance. You're switching the user context, so there's an OS hit to set up the impersonation context. Yes, as long as the impersonated context/calling machine has access to the 'nix box, either as a native user or via username/password. By all means! Eval your data security needs. Keep in mind that just because you're app is in the intranet doesn't mean it's secure. There's always the possiblity someone will hijack the flow of data (d4mn p4ck3t sn1ff3rz!) from within the organization. See the aforementioned link. Ian Mariano - http://www.ian-space.com/ "We are all wave equations in the information matrix of the universe" - me

The truth of the matter is, an hour interview (or one that lasts all day), isn't sufficient time to judge whether someone will work out or not. You can have someone with a good resume and they interview well. Your tech folks talk to them, and think they know what they're doing. In the end, all you've got is someone who knows how to present themselves. You have no idea what they will be like to work with. Software Zen: delete this;