Application pools in IIS Part 82
In this video we will discuss
1. What are application pools in IIS
2. Creating application pools in internet information services (IIS)
3. Application pool identities
4. Associating an ASP.NET Web Application with an Application Pool
What are application pools in IIS
An Application Pool can contain one or more web applications. In IIS it is possible to create one or more application pools.
Each application pool runs in its own worker process (w3wp.exe), so applications in different application pools run in different worker processes.
Errors in one application pool will not affect the applications running in other application pools. For example, if an application pool is recycled, only the applications in that pool are affected (they may lose state information if it is stored inside the worker process), and applications in other application pools are unaffected. Deploying applications to different application pools enables us to achieve the degree of application isolation that we need, in terms of availability and security. For example, applications that require high security can be present in one application pool, and the other applications can be in a different application pool. As another example, hosting providers can place competing business applications in different application pools, so that they do not accidentally access the data belonging to their competitor.
Creating application pools in internet information services(IIS)
1. Click on start
2. Type "RUN" and press "ENTER"
3. In the "RUN" window, type "INETMGR"
4. Click "OK"
5. In the IIS Manager window, expand the root node and right click on "Application Pools" and select "Add Application Pool"
6. Provide the "Name" for Application pool and click OK.
Application pool identities
ASP.NET applications execute inside the ASP.NET worker process called w3wp.exe. The applications are executed by the worker process, using a Windows identity. The Windows identity that is used depends on the application pool identity. The application pool identity can be any of the following built-in accounts
1. LocalService
2. LocalSystem
3. NetworkService
4. ApplicationPoolIdentity
In addition to these built-in accounts, we can also use a custom account, by specifying the username and password.
By default, when a new application pool is created, it uses ApplicationPoolIdentity. To change the application pool identity:
1. Right click on the application pool and select "Advanced Settings"
2. In the "Advanced Settings", click the ellipsis button next to "Identity" under the "Process Model" section
3. From the "Application Pool Identity" window, select one of the built-in accounts or enter the user and password, if you choose to use a custom account.
4. Finally click "OK"
Local System : Completely trusted account that has very high privileges and can also access network resources.
Network Service : Restricted or limited service account that is generally used to run standard least-privileged services. This account has fewer privileges than the Local System account. This account can access network resources.
Local Service : Restricted or limited service account that is very similar to Network Service and meant to run standard least-privileged services. This account cannot access network resources.
ApplicationPoolIdentity : When a new Application Pool is created, IIS creates a virtual account with the name of the new Application Pool and runs the Application Pool's worker processes under this account. This is also a least-privileged account.
Running an application using a low-privileged account is a good security practice because, if there is a bug, the low privileges limit how far a malicious user can use it to hack into your application or your system.
Associating an ASP.NET Web Application with an Application Pool
1. Create a new asp.net web application project with name "SecurityDemo" in C:\
2. Open IIS (Type INETMGR in the RUN window, and click OK)
3. Expand IIS root node
4. Expand "Sites"
5. Right click on "Default Web Site" and select "Add Application"
6. Enter the Alias Name for your application
7. Select the physical folder of the application by clicking on the ellipsis button next to the "Physical Path" textbox. If you are following along with me, then in the Physical Path text box you should have C:\SecurityDemo\SecurityDemo
8. To associate the application pool, click the "Select" button next to the "Application pool" textbox, and select the application pool from the dropdownlist.
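The same three procedures (creating a pool, setting its identity, and associating an application with it) can also be scripted. The following PowerShell is an added example, not part of the original tutorial: it uses the WebAdministration module that is installed with the IIS management tools, must be run from an elevated session, and the pool name "SecurityDemoPool" is an assumed name. It ends by listing every pool's identity so that pools running as LocalSystem stand out for review.

```powershell
# Added example (not from the original tutorial). Run in an elevated PowerShell session.
Import-Module WebAdministration

# The pool name is an assumption; site, alias and path follow the tutorial's steps.
$poolName = 'SecurityDemoPool'
$siteName = 'Default Web Site'
$alias    = 'SecurityDemo'
$path     = 'C:\SecurityDemo\SecurityDemo'

# 1. Create the application pool only if it does not exist yet.
if (-not (Test-Path "IIS:\AppPools\$poolName")) {
    New-WebAppPool -Name $poolName | Out-Null
}

# 2. Set the identity explicitly instead of relying on the default.
#    Built-in choices: LocalSystem, LocalService, NetworkService, ApplicationPoolIdentity.
Set-ItemProperty "IIS:\AppPools\$poolName" `
    -Name processModel.identityType -Value ApplicationPoolIdentity

# 3. Associate the application with the pool (create it, or re-point an existing one).
if (Get-WebApplication -Site $siteName -Name $alias) {
    Set-ItemProperty "IIS:\Sites\$siteName\$alias" -Name applicationPool -Value $poolName
} else {
    New-WebApplication -Site $siteName -Name $alias `
        -PhysicalPath $path -ApplicationPool $poolName | Out-Null
}

# 4. Review: show each pool's identity and flag the fully trusted LocalSystem account.
Get-ChildItem IIS:\AppPools | ForEach-Object {
    $identity = [string]$_.processModel.identityType
    [pscustomobject]@{
        Pool          = $_.Name
        Identity      = $identity
        CustomAccount = $_.processModel.userName   # empty unless a custom account is set
        NeedsReview   = ($identity -eq 'LocalSystem')
    }
} | Format-Table -AutoSize
```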