Overview


If you host multiple ASP.NET Web applications on a shared Web server, you need to consider application isolation. For example, how can you ensure that individual applications will not affect one another at runtime? How can you prevent a single rogue or badly written application from consuming critical system-level resources on the server and keeping other applications from running properly?

The issue is particularly significant for Internet Service Providers (ISPs) who host large numbers of applications from different companies. In a hosting scenario, it is essential to ensure that the installation of a new application cannot adversely impact the operation of existing applications.

There are a number of ways in which application isolation can be achieved. The available options vary depending on the version of the .NET Framework and the version of the operating system that you run on the Web server. If you are running version 1.1 of the .NET Framework, you can use the resource constraint model provided by code access security to provide one level of application isolation. This application isolation is achieved by restricting an application from accessing different types of resources such as the file system, registry, event log, Active Directory, databases, network resources, and so on.

In addition, Windows Server 2003 provides process isolation through Internet Information Services 6.0 (IIS 6) application pools that enable multiple applications to run in separate IIS worker process instances. Process isolation is not possible on Windows 2000 because all Web applications run in a single instance of the ASP.NET worker process, with application domains providing isolation.

Table 20.1 summarizes the various options for application isolation that are available on Windows 2000 and Windows Server 2003.

Table 20.1: Application Isolation Features for Windows 2000 and Windows Server 2003

| Isolation Feature | Windows 2000 | Windows Server 2003 |
|---|---|---|
| Process isolation | No | Yes (IIS 6 App Pools) |
| Application domain isolation | Yes | Yes |
| Multiple thread identities | Yes | Yes |
| Code access security resource constraint | Yes (.NET Framework version 1.1) | Yes (.NET Framework version 1.1) |

Windows Server 2003 running version 1.1 of the .NET Framework is the recommended platform for hosting multiple ASP.NET applications because it supports process isolation and provides the richest range of options for application isolation.




Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613
