, JuanZamudio wrote

@blowdart: question, if you don't undo the context in the catch aren't you falling in the security hole mentioned here http://blogs.msdn.com/b/shawnfa/archive/2005/03/22/400749.aspx? (another code can catch the exception and run as the impersonated user), or in this case it doesn't matter because is a web page that cant be called by someone else?

Mitigated by that yes, but you're right, I shouldn't be so lazy, so Shawn's advice should stand, if only to get you into the habit of doing it right for all cases.