Active Directory & DirectoryEntry object issue

hi, i have an intranet web app set up with Integrated Windows authentication, and my web.config file is flagged for impersonation as well. so far so good when grabbing the current user with Context.User.Identity.Name (returns myDomain\currentUser). anyway, i'm then trying to check if this user is a member of a particular Active Directory security group in the domain using a DirectoryEntry object. my test code worked just fine as a console app, however, i'm getting an exception of type "unknown error" when trying this inside the web app. the error occurs at the point when i try to read my DirectoryEntry.Properties["member"].xxx values. the aspnet worker process is running under the default ASPNET account, but since i've set up the app to use impersonation, i was under the impression that the request for Active Directory info would be handled under the context of the logged in user. i'm guessing the problem has to do with the fact the the ASPNET account doesn't have rights to read DirectoryEntry properties and such. any thoughts? go easy, i'm a total newb with security. many thanks in advance!!! mirirom