Text version of the video
Slides
All ASP .NET Text Articles
All ASP .NET Slides
All Dot Net and SQL Server Tutorials in English
All Dot Net and SQL Server Tutorials in Arabic
In this video we will discuss about
1. What are application pools in IIS
2. Creating application pools in internet information services(IIS)
3. Application pool identities
4. Associating an ASP.NET Web Application with an Application Pool
What are application pools in IIS
An Application Pool can contain one or more web applications. In IIS it is possible to create one or more application pools. Applications in different application pools, runs in its own worker process(w3wp.exe). Errors in one application pool will not affect the applications running in other application pools. For example, if an application pool is recycled, only the applications in that pool are affected(may loose state information if stored inside worker process), and applications in other application pools are unaffected. Deploying applications to different application pools enables us to achieve the degree of application isolation that we need, in terms of availability and security. For example, applications that require high security can be present in one application pool, and the other applications can be in a different application pool. Another example, hosting providers can place competing business applications in different application pools, so that they do not accidentally access the data belonging to their competitor.
Creating application pools in internet information services(IIS)
1. Click on start
2. Type “RUN” and press “ENTER”
3. In the “RUN” window, type “INETMGR”
4. Click “OK”
5. In the IIS Manager window, expand the root node and right click on “Application Pools” and select “Add Application Pool”
6. Provide the “Name” for Application pool and click OK.
Application pool identities
Asp.net applications execute inside asp.net worker process called w3wp.exe. The applications are executed by the worker process, using a windows identity. The windows identity that is used, is dependent on the application pool identity. The application pool identity can be any of the following built in aaccounts
1. LocalService
2. LocalSystem
3. NetworkService
4. ApplicationPoolIdentity
In addition to these built-in accounts, we can also use a custom account, by specifying the username and password.
By default, when a new application pool is created, it uses ApplicationPoolIdentity. To change the application pool identity
1. Right click on the application pool and select “Advanced Settings”
2. In the “Advanced Settings”, click the elipses button next to “Identity” under “Process Model” section
3. From the “Application Pool Idenity” window, select one of the built-in accounts or enter the user and password, if you choos to use a custom account.
4. Finally click “OK”
Local System : Completely trusted account and has very high privileges and can also access network resources.
Network Service : Restricted or limited service account that is generally used to run, standard least-privileged services. This account has less privileges than Local System account. This account can access network resources.
Local Service : Restricted or limited service account that is very similar to Network Service and meant to run standard least-privileged services. This account cannot access network resources.
ApplicationPoolIdentity: When a new Application Pool is created, IIS creates a virtual account with the name of the new Application Pool and run the Application Pool’s worker processes under this account. This is also a least privileged account.
Running an application using a low-privileged account is a good security practice, because, if there is a bug, that cannot be used by a malicious user to hack into your application or your system.
Associating an ASP.NET Web Application with an Application Pool
