We're using the PI SDK and AF SDK in various ASP.NET 4.0 websites hosted in all versions of IIS. Is there any way to determine if a particular Windows User has read access to a particular PI Point? We have the user's domain name and Windows account name available. This this likely possible using impersonation, but given Kerberos/double-hop issues with impersonation, we'd like to stay away from it. Any suggestions on determining point-level access permissions based on a username without having to log in as that user?