Semantics of Process Model - Identity

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hi All,

I have an EXE that is normally launched N times, where N is number of
users logged into a machine and decides to use the EXE.

I also have an ISAPI DLL that talks to the EXE, andit is necessary
that the DLL and its host process run under the same user account as
the EXE (same kernel namespace).

So I am looking at the IIS 7.0 configuration options, and it seems
that what I would like to do is create N application pools, define the
appropriate username/password for each application pools to correspond
to the N EXE's.

Is this correct?

Also, how do ISP's maintain separation between a server hosting, say,
20 of their customers web sites?


-Le Chaud Lapin-

Re: Semantics of Process Model - Identity

Regarding question 2, have a look at that paper:


Quoted text here. Click to load it

Re: Semantics of Process Model - Identity

Quoted text here. Click to load it

Thanks, but, it looks like that paper is written for ASP.NET.

We have an ISAPI DLL written in C++ that is registered as a server-
wide module.

What I was interested in was the separation model for multiple sites
on same machine.

For example, let's say that a web-hosting company has 20 sites on one
of its servers, one for each of its customers, all unrelated to each

If I were one of those customers, I might have ISAPI DLL that I wrote
to sit behind my site to help handle HTTP requests.  But certainly the
ISP would not allow my DLL to run in the same process context as that
enabling the other 19 sites. If it did, I could simply add code to my
DLL to spy on the other 19 sites' HTTP requests, and steal
information, etc. I could also crash w3wp.exe, bringing down the other
19 sites.

So at very minimum, I would expect that a web-hosting company would
have 20 distinct w3wp.exe processes, one for each site. But this might
not be enough, as, with some trickery, if my w3wp.exe lies within the
same logon context as the other 19 w3wp.exe, I could still steal
information from other sites.

So, there has to be some kind of isolation certainly beyond URL path
examination, and probably beyond multiple w3wp.exe.

I'd like to know how it's done. I called  a major USA hosting company
last night and asked, and the customer service rep said that his
technician told him "we cannot give out that information."

-Le Chaud Lapin-

Re: Semantics of Process Model - Identity


See inline


Quoted text here. Click to load it
Yes it is mostly for ASP.NET hosting but information regarding isolation
using separate app pools are applicable to any kind of hosting.
Quoted text here. Click to load it
If I undertand your request correctly, you already gave the solution:
Assuming your ISAPI is an application, not a filter, running every site
using its own app pool and a separate identity should do the job.
If the application requires anonymous access, having one dedicated anonymous
account per site is also advised.
Then regarding what's happening outside the w3wp process, it's up to you to
grant the permission to the app pool identity (com, local or remote

Look on the MS web site, there are tons of resources regarding shared

Quoted text here. Click to load it
This I can imagine :)
Quoted text here. Click to load it

Re: Semantics of Process Model - Identity


If you are using IIS 6.0, you would run each worker process under a separate
identity. You would use NTFS permissions to ACL the content of each
individual website. That's a starting point. Microsoft has a Web Hosting
Solution accelerator on their website that you can download (this gives you
documents, scripts etc) for building and configuring IIS servers in a
hosting environment.

For IIS 7.0 there's a new feature called web app pool isolation, that can
avoid the necessity for creating large numbers of user accounts:

But again, you might just be better off buying a good book in IIS 7.0


My IIS blog:

Quoted text here. Click to load it

Site Timeline