In IIS, you can configure the web.config file with this option:
<identity impersonate="true" />
In this case, the user that runs the .NET application is not the service account user used by the IIS application pool, but another user, often the user identified by the website. I know that this "impersonation" is not exactly what Windows does with the "runas" command. For example, the user environment is not loaded...
MSDN says this about impersonation:
and for ACLs on impersonated .NET programs:
Thank you for your help
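Added example, not part of the original post: a C# helper that reports, from inside a request, which identity the thread carries under `<identity impersonate="true" />`, which identity the worker process has, and what the environment block contains. It assumes ASP.NET on .NET Framework; the class name `ImpersonationProbe` is hypothetical.

```csharp
using System;
using System.Security.Principal;
using System.Text;

// Hypothetical diagnostic helper (not from the original post).
// Call ImpersonationProbe.Describe() from a page or handler and log the result.
public static class ImpersonationProbe
{
    public static string Describe()
    {
        var sb = new StringBuilder();

        // Token attached to the current thread. With impersonation enabled,
        // this is the impersonated user, and file/registry ACL checks made
        // by this thread are evaluated against this token.
        using (WindowsIdentity threadId = WindowsIdentity.GetCurrent())
        {
            sb.AppendLine("Thread identity:     " + threadId.Name);
            sb.AppendLine("Impersonation level: " + threadId.ImpersonationLevel);
        }

        // GetCurrent(true) returns null when the thread is not impersonating.
        using (WindowsIdentity imp = WindowsIdentity.GetCurrent(true))
        {
            sb.AppendLine("Is impersonating:    " + (imp != null));
        }

        // Impersonate(IntPtr.Zero) reverts the thread to the process token
        // (the application pool identity); disposing the context restores
        // the impersonated token.
        using (WindowsImpersonationContext ctx = WindowsIdentity.Impersonate(IntPtr.Zero))
        using (WindowsIdentity processId = WindowsIdentity.GetCurrent())
        {
            sb.AppendLine("Process identity:    " + processId.Name);
        }

        // Environment variables come from the worker process's environment
        // block, which impersonation does not replace.
        sb.AppendLine("USERNAME env:        " + Environment.GetEnvironmentVariable("USERNAME"));
        sb.AppendLine("USERPROFILE env:     " + Environment.GetEnvironmentVariable("USERPROFILE"));
        sb.AppendLine("TEMP env:            " + Environment.GetEnvironmentVariable("TEMP"));

        return sb.ToString();
    }
}
```

When the thread and process identities differ, grant ACLs for request-time access to the thread identity, and treat anything resolved through environment variables (such as `TEMP`) as belonging to the application pool account.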