Support us .Net Basics C# SQL ASP.NET ADO.NET MVC Slides C# Programs Subscribe Buy DVD

Application pools in IIS - Part 82

Suggested Videos
Part 79 - Tracing in asp.net
Part 80 - Writing custom asp.net tracing messages
Part 81 - Tracing in asp.net - A real time example

In this video we will discuss about
1. What are application pools in IIS
2. Creating application pools in internet information services(IIS)
3. Application pool identities
4. Associating an ASP.NET Web Application with an Application Pool



What are application pools in IIS
An Application Pool can contain one or more web applications. In IIS it is possible to create one or more application pools. Applications in different application pools, runs in its own worker process(w3wp.exe). Errors in one application pool will not affect the applications running in other application pools. For example, if an application pool is recycled, only the applications in that pool are affected(may loose state information if stored inside worker process), and applications in other application pools are unaffected. Deploying applications to different application pools enables us to achieve the degree of application isolation that we need, in terms of availability and security. For example, applications that require high security can be present in one application pool, and the other applications can be in a different application pool. Another example, hosting providers can place competing business applications in different application pools, so that they do not accidentally access the data belonging to their competitor.



Creating application pools in internet information services(IIS)
1. Click on start
2. Type "RUN" and press "ENTER"
3. In the "RUN" window, type "INETMGR"
4. Click "OK"
5. In the IIS Manager window, expand the root node and right click on "Application Pools" and select "Add Application Pool"
6. Provide the "Name" for Application pool and click OK.

Application pool identities
Asp.net applications execute inside asp.net worker process called w3wp.exe. The applications are executed by the worker process, using a windows identity. The windows identity that is used, is dependent on the application pool idenity. The application pool identity can be any of the following built in aaccounts
1. LocalService
2. LocalSystem
3. NetworkService
4. ApplicationPoolIdentity

In addition to these built-in accounts, we can also use a custom account, by specifying the username and password.

By default, when a new application pool is created, it uses ApplicationPoolIdentity. To change the application pool identity
1. Right click on the application pool and select "Advanced Settings"
2. In the "Advanced Settings", click the ellipses button next to "Identity" under "Process Model" section
3. From the "Application Pool Identity" window, select one of the built-in accounts or enter the user and password, if you choose to use a custom account.
4. Finally click "OK"
Changing application pool identity

Local System : Completely trusted account and has very high privileges and can also access network resources. 

Network Service : Restricted or limited service account that is generally used to run, standard least-privileged services. This account has less privileges than Local System account. This account can access network resources.

Local Service : Restricted or limited service account that is very similar to Network Service and meant to run standard least-privileged services. This account cannot access network resources.

ApplicationPoolIdentity : When a new Application Pool is created, IIS creates a virtual account with the name of the new Application Pool and run the Application Pool's worker processes under this account. This is also a least previlaged account.

Running an application using a low-privileged account is a good security practice, because, if there is a bug, that cannot be used by a malicious user to hack into your application or your system.

Associating an ASP.NET Web Application with an Application Pool
1. Create a new asp.net web application project with name "SecurityDemo" in C:\
2. Open IIS (Type INETMGR in RUN window, and click OK)
3. Expand IIS root node
4. Expand "Sites"
5. Right click on "Default Web Site" and select "Add Application"
6. Enter the Alias Name for your application
7. Select the physical folder of the application by clicking on the ellipses button next "Physical Path" text box. If you are following along with me, then in the Physical Path text box you should have C:\SecurityDemo\SecurityDemo
8. To associate the application pool, click the "Select" button next to "Application pool" text box, and select the application pool from the drop down list.
Associating an ASP.NET Web Application with an Application Pool

No comments:

Post a Comment

If you like this website, please share with your friends on facebook and Google+ and recommend us on google using the g+1 button on the top right hand corner.