I read an article from msdn magazine a while back that explained how requests are forwarded from IIS 5.0 to aspnet_wp.exe. The basic overview can be interpreted by the figure below:
Pasted from http://www.msdn.microsoft.com/msdnmag/issues/02/09/HTTPPipelines/default.aspx
So, when a request comes into inetinfo.exe, the requests is forwarded to aspnet_isapi.dll, which is hosted in inetinfo.exe, then inetinfo.exe creates named pipes, starts up aspnet_wp.exe, and finally writes the request to a named pipe and aspnet_wp.exe reads it. Notice that the aspnet_isapi.dll is an isapi extension being hosted in inetinfo.exe.
Here is where it all starts to break down in my head. I thought that in any giving virtual directory in IIS 5.0 you can set application protection from low, to medium, to high. Now when application protection is set to low, a isapi extension runs in inetinfo.exe, when set to either medium or high, the isapi extension runs in a out-of-process DLLHost.exe. I could be wrong, but this is what I thought happens.
Now, if aspnet_isapi.dll is an ISAPI extension, and application protection for the virtual directory is set to medium or high, shouldn’t the aspnet_isapi.dll run in DLLHost.exe?
I’ve wondered about this for a bit, and I finally decided to figure out what is really going on. I downloaded FileMon, and watched all of my systems activity. I found out that I was wrong.
Here are some screen shots from FileMon:
In ScreenShot1 inetinfo.exe is forwarding a request to the aspnet_isapi.dll.
In ScreenShot2 inetinfo.exe is creating named pipes and opening the aspnet_wp.exe. Exactly the way the first figure showed. So, what happened to DLLHost.exe, well...
Searching a little bit more around msdn, I found this little Snippet:
Application Isolation
Separate application domains within the worker process (one per IIS virtual directory, or in other words, one per ASP.NET Web application or Web service) are used to provide isolation.
This is in contrast to classic ASP, where the application protection level, configured within the IIS metabase determined whether the ASP application should execute in process with IIS (inetinfo.exe), out of process in a dedicated instance of Dllhost.exe, or in a shared (pooled) instance of Dllhost.exe.
Important The process isolation level setting within IIS has no affect on the way ASP.NET Web applications are processed.
Pasted from http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetAP04.asp?frame=true
The initial figure I posted was from an article written in msdn magazine. The article mentioned that application isolation is done through app domains, but didn't mention that iis application isolation no longer has any effect (in hindsight this was being implied). The second article I pasted from cleared up this misconception for me.
8:06:09 PM 
|
