Published by Evelyn Leonard. Modified over 5 years ago.

IIS and .NET Security
Application Pools
Pamella Smith
June 18, 2009

- Application Pool Defined
- Application Pool and Application Domain
- IIS 5.0 Process Model
- IIS 6 Process Model
- IIS 7 Process Model
- Security Issues
- Application Pool Configuration
- Caveats
8/30/2019

Application Pool Defined
- An application pool is a way to isolate applications/Web sites within the IIS framework.
- Each application pool is given its own set of server resources.
- An application pool may have one to many processes.

Application Pool or Application Domain
- An application domain is used to isolate executing applications to prevent resource and memory interference.
- One application may have many application domains.
- One process may be associated with many application domains.
- An application pool can contain one or many applications.
- Each application pool runs in its own worker process.
- Application pools can be configured to provide the required isolation.

IIS 5.0 Process Model
- The IIS inetinfo.exe process listens on port 80 for incoming HTTP requests.
- Since this is a process, it runs in "user mode".
- Requests are queued to a single process queue.
- ASP.NET requests are handed to the ASP.NET ISAPI.
- The ISAPI communicates with the ASP worker process via a named pipe.
- The ASP worker process delivers the request to the ASP.NET HTTP runtime environment.
- ASP.NET web applications are hosted inside the worker process.
- Uses the concept of app domain: each virtual directory is executed in a single app domain.

IIS 5.0 Application Protection
- Low
- Medium
- High

IIS 6 Process Model
- Applications run in different worker processes.
- Each application pool can contain multiple application domains.
- Multiple processes may host one application pool.
- Incoming HTTP requests are handled and queued at the kernel level (HTTP.SYS) rather than in user mode.
- The request is routed directly to the correct application pool/specific worker process.
- The worker process loads the ASP.NET ISAPI extension.
- Request dispatching is not affected by crashes and problems at user level.

IIS 7 Process Model
- More modular
  - Separate modules for authentication schemes
  - Can uninstall or "not" install
  - Reduces attack surface of server
- ASP.NET integrated: communication with ASP.NET ISAPI eliminated
- Still uses application pools
  - Classic Mode
  - Integrated Mode

Security Issues
- .NET-integrated enhancements in IIS 6 and IIS 7 provide a greater level of application stability.
- Application pools provide greater isolation levels for applications.
- High-risk applications can be grouped into properly configured application pools.
- Application pools can be tuned to provide a more granular level of security and safety.

Application Pool Configuration
- Creation
- Request-Processing Mode
- Recycling
- Start/Stop
- Performance
- Health
- Identity
- Other Configuration Options

Application Pool Creation
- Simple
- APPCMD
- Programmatically
- ADMIN extension

Request-Processing Mode (Classic and Integrated mode (IIS 7))
- Classic
  - Handles requests as IIS 6.0
  - Duplication of some steps, i.e., authentication
- Integrated
  - Only configured steps are executed, i.e., one-time authentication
  - Managed features available to all content types

Recycling
- Restarting the worker process
- Default 1740 minutes
- Useful for problematic code

Performance
- Idle Time-Out
- Request Queue Limit
- Enable CPU monitoring
- Maximum number of worker processes

Health
- Enable Pinging
- Enable Rapid-Fail Protection
- Startup Time Limit
- Shutdown Time Limit

Identity
- Predefined
  - LocalSystem
  - NetworkService
  - LocalService

Other Configuration Options
- Specify .NET framework
- Automatic Startup
- Assign applications to an application pool.

Caveats
- Don’t have too many application pools.
- Set memory capacities

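An added example, not part of the original slides: a Python audit of the application pool settings named on the Recycling, Health, Identity and Caveats slides, run over a constructed applicationHost.config fragment. The pool names, the finding texts, the choice to flag LocalSystem, and the fallback values (taken to be the IIS 7 schema defaults) are assumptions; inherited applicationPoolDefaults are not applied.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the applicationHost.config layout; pool names are made up.
SAMPLE_CONFIG = """
<configuration><system.applicationHost><applicationPools>
  <add name="IntranetPool" managedPipelineMode="Integrated">
    <processModel identityType="NetworkService" pingingEnabled="true" />
    <recycling><periodicRestart time="1.05:00:00" privateMemory="512000" /></recycling>
    <failure rapidFailProtection="true" />
  </add>
  <add name="LegacyPool" managedPipelineMode="Classic">
    <processModel identityType="LocalSystem" pingingEnabled="false" />
    <recycling><periodicRestart time="00:00:00" /></recycling>
    <failure rapidFailProtection="false" />
  </add>
</applicationPools></system.applicationHost></configuration>
"""

def _attr(pool, path, name, default):
    # Fall back to the assumed IIS 7 schema default when the attribute is unset.
    node = pool.find(path)
    return default if node is None else node.get(name, default)

def audit_pool(pool):
    """Return the findings for one <add> application pool element."""
    findings = []
    if _attr(pool, "processModel", "identityType", "") == "LocalSystem":
        findings.append("identity is LocalSystem, the most privileged predefined account")
    if _attr(pool, "processModel", "pingingEnabled", "true").lower() == "false":
        findings.append("health pinging disabled")
    if _attr(pool, "failure", "rapidFailProtection", "true").lower() == "false":
        findings.append("rapid-fail protection disabled")
    # 1.05:00:00 is 29 hours, the 1740-minute default; 00:00:00 turns it off.
    if _attr(pool, "recycling/periodicRestart", "time", "1.05:00:00") == "00:00:00":
        findings.append("periodic recycling disabled")
    limits = [_attr(pool, "recycling/periodicRestart", a, "0")
              for a in ("memory", "privateMemory")]
    if all(v == "0" for v in limits):
        findings.append("no memory recycling limit set")
    return findings

def audit_config(xml_text):
    """Map each application pool name to its list of findings."""
    root = ET.fromstring(xml_text)
    pools = [p for ap in root.iter("applicationPools") for p in ap.findall("add")]
    return {p.get("name"): audit_pool(p) for p in pools}

if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        print(name, "->", findings or "ok")
```
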