(a question of similar vein has been asked before both question , accepted answer not provide detail looking for)
with intention of running asmx web service under dedicated domain account usage scenarios and/or pros , cons of using application pool identity of domain account versus impersonation?
we have 3 small internal web services run under relatively low load , switch them running under own domain accounts (for purpose of integrated security sql server etc). appear have choice of creating dedicated app pools each application, or having single app pool applications , using impersonation in each.
i understand app pools provide worker process isolation , there considerations performance when using impersonation, aside else dictate correct option?
typically, choose different identity worker process (or asp.net impersonation) because there need access local/network resources needs specific permissions. obvious dis-advantage application code may run under more permissions may need , thereby increasing vulnerability against malicious attacks.
asp.net impersonation have more overhead because user context needs switched each request. suggest go separate app pool approach - disadvantage app pool approach have process each 1 of them , there overhead (from os perspective) each process. if applications smaller , don't have strong memory demands should not issue,
Comments
Post a Comment