Semantics of Process Model - Identity

Hi All,

I have an EXE that is normally launched N times, where N is number of
users logged into a machine and decides to use the EXE.

I also have an ISAPI DLL that talks to the EXE, andit is necessary
that the DLL and its host process run under the same user account as
the EXE (same kernel namespace).

So I am looking at the IIS 7.0 configuration options, and it seems
that what I would like to do is create N application pools, define the
appropriate username/password for each application pools to correspond
to the N EXE's.

Is this correct?

Also, how do ISP's maintain separation between a server hosting, say,
20 of their customers web sites?

TIA,

-Le Chaud Lapin-

Re: Semantics of Process Model - Identity

Regarding question 2, have a look at that paper:
http://www.microsoft.com/downloads/details.aspx?familyid=9E3 3EA25-666C-47FA-AC52-8D04785C4BD2&displaylang=en

Marc

"Le Chaud Lapin" wrote in message
news:2370b756-59df-43d5-8b06-bef60239653d@u69g2000hse.google groups.com...
> Hi All,
>
> I have an EXE that is normally launched N times, where N is number of
> users logged into a machine and decides to use the EXE.
>
> I also have an ISAPI DLL that talks to the EXE, andit is necessary
> that the DLL and its host process run under the same user account as
> the EXE (same kernel namespace).
>
> So I am looking at the IIS 7.0 configuration options, and it seems
> that what I would like to do is create N application pools, define the
> appropriate username/password for each application pools to correspond
> to the N EXE's.
>
> Is this correct?
>
> Also, how do ISP's maintain separation between a server hosting, say,
> 20 of their customers web sites?
>
> TIA,
>
> -Le Chaud Lapin-

Re: Semantics of Process Model - Identity

On Apr 2, 7:06=A0am, "Lognoul, Marc \(Private\)"
wrote:
> Regarding question 2, have a look at that paper:http://www.microsoft.com/d=
ownloads/details.aspx?familyid=3D9E33EA25-666...
>
> Marc

Thanks, but, it looks like that paper is written for ASP.NET.

We have an ISAPI DLL written in C++ that is registered as a server-
wide module.

What I was interested in was the separation model for multiple sites
on same machine.

For example, let's say that a web-hosting company has 20 sites on one
of its servers, one for each of its customers, all unrelated to each
other.

If I were one of those customers, I might have ISAPI DLL that I wrote
to sit behind my site to help handle HTTP requests. But certainly the
ISP would not allow my DLL to run in the same process context as that
enabling the other 19 sites. If it did, I could simply add code to my
DLL to spy on the other 19 sites' HTTP requests, and steal
information, etc. I could also crash w3wp.exe, bringing down the other
19 sites.

So at very minimum, I would expect that a web-hosting company would
have 20 distinct w3wp.exe processes, one for each site. But this might
not be enough, as, with some trickery, if my w3wp.exe lies within the
same logon context as the other 19 w3wp.exe, I could still steal
information from other sites.

So, there has to be some kind of isolation certainly beyond URL path
examination, and probably beyond multiple w3wp.exe.

I'd like to know how it's done. I called a major USA hosting company
last night and asked, and the customer service rep said that his
technician told him "we cannot give out that information."

-Le Chaud Lapin-

Re: Semantics of Process Model - Identity

Hi,

If you are using IIS 6.0, you would run each worker process under a separate
identity. You would use NTFS permissions to ACL the content of each
individual website. That's a starting point. Microsoft has a Web Hosting
Solution accelerator on their website that you can download (this gives you
documents, scripts etc) for building and configuring IIS servers in a
hosting environment.

For IIS 7.0 there's a new feature called web app pool isolation, that can
avoid the necessity for creating large numbers of user accounts:
http://www.adopenstatic.com/cs/blogs/ken/archive/2008/01/29/ 15759.aspx

But again, you might just be better off buying a good book in IIS 7.0

Cheers
Ken

--
My IIS blog: http://adopenstatic.com/blog

"Le Chaud Lapin" wrote in message
news:2370b756-59df-43d5-8b06-bef60239653d@u69g2000hse.google groups.com...
> Hi All,
>
> I have an EXE that is normally launched N times, where N is number of
> users logged into a machine and decides to use the EXE.
>
> I also have an ISAPI DLL that talks to the EXE, andit is necessary
> that the DLL and its host process run under the same user account as
> the EXE (same kernel namespace).
>
> So I am looking at the IIS 7.0 configuration options, and it seems
> that what I would like to do is create N application pools, define the
> appropriate username/password for each application pools to correspond
> to the N EXE's.
>
> Is this correct?
>
> Also, how do ISP's maintain separation between a server hosting, say,
> 20 of their customers web sites?
>
> TIA,
>
> -Le Chaud Lapin-

Re: Semantics of Process Model - Identity

Hello,

See inline

Marc

"Le Chaud Lapin" wrote in message
news:fceea24f-ec21-44db-84b2-c15832478ed9@s50g2000hsb.google groups.com...
> On Apr 2, 7:06 am, "Lognoul, Marc \(Private\)"
> wrote:
>> Regarding question 2, have a look at that
>> paper:http://www.microsoft.com/downloads/details.aspx?family id=9E33EA25-666...
>>
>> Marc
>
> Thanks, but, it looks like that paper is written for ASP.NET.
>
Yes it is mostly for ASP.NET hosting but information regarding isolation
using separate app pools are applicable to any kind of hosting.
> We have an ISAPI DLL written in C++ that is registered as a server-
> wide module.
>
> What I was interested in was the separation model for multiple sites
> on same machine.
>
> For example, let's say that a web-hosting company has 20 sites on one
> of its servers, one for each of its customers, all unrelated to each
> other.
>
> If I were one of those customers, I might have ISAPI DLL that I wrote
> to sit behind my site to help handle HTTP requests. But certainly the
> ISP would not allow my DLL to run in the same process context as that
> enabling the other 19 sites. If it did, I could simply add code to my
> DLL to spy on the other 19 sites' HTTP requests, and steal
> information, etc. I could also crash w3wp.exe, bringing down the other
> 19 sites.
>
> So at very minimum, I would expect that a web-hosting company would
> have 20 distinct w3wp.exe processes, one for each site. But this might
> not be enough, as, with some trickery, if my w3wp.exe lies within the
> same logon context as the other 19 w3wp.exe, I could still steal
> information from other sites.
>
> So, there has to be some kind of isolation certainly beyond URL path
> examination, and probably beyond multiple w3wp.exe.
If I undertand your request correctly, you already gave the solution:
Assuming your ISAPI is an application, not a filter, running every site
using its own app pool and a separate identity should do the job.
If the application requires anonymous access, having one dedicated anonymous
account per site is also advised.
Then regarding what's happening outside the w3wp process, it's up to you to
grant the permission to the app pool identity (com, local or remote
permissions...)

Look on the MS web site, there are tons of resources regarding shared
hosting.

> I'd like to know how it's done. I called a major USA hosting company
> last night and asked, and the customer service rep said that his
> technician told him "we cannot give out that information."
>
This I can imagine :)
> -Le Chaud Lapin-
>