About 11 years ago, one of the great new features of the .NET Framework was that you could use code access security (CAS) to control applications: not only do the permissions of the user matter, but thanks to CAS the code can have permissions too, and together they define what an app can and cannot do.
This architecture seemed really promising, but very few people started using it, although you could use CAS to isolate server applications. For example, according to Patterns & Practices guidance from 2005, setting Medium trust for ASP.NET is a good way to isolate applications from each other on the same server and within the same process.
Since then, many things have happened, but CAS has not evolved since version 1.1. It is no surprise that Jeroen Frijters could find a weak spot in the system, which led Microsoft to update the previous guidance.
According to the KB2698981 knowledge base article, ASP.NET Medium trust is no longer suitable for isolating apps within the same process. The new guidance drops the same-process option and recommends running your web apps in separate application pools, which essentially means separate processes. This is reasonable, because that’s what application pools were originally made for in IIS 6.
I strongly recommend that sysadmins as well as developers read KB2698981, because it describes:
- How to put sites in separate application pools
- How to configure application pools for isolation
- How to configure DACLs
- How to configure a Temporary ASP.NET Files folder location and how to set DACLs per site
- How to remove sensitive configuration data from root configuration files
Please take application pools seriously and use them, especially with ApplicationPoolIdentity. It can help you sleep better.
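One way to check for shared pools and to move a site into its own pool running as ApplicationPoolIdentity, using the IIS WebAdministration module. This is an added example, not taken from KB2698981 or from the original post; the function names, the `<site>-pool` naming convention and the site name `ExampleSite` are assumptions.

```powershell
# Run in an elevated session on the IIS server.
Import-Module WebAdministration

# Audit: report every pool that serves more than one site, with its identity.
# Only each site's root application is checked; nested applications are not.
function Get-SharedAppPool {
    Get-Website | Group-Object applicationPool | Where-Object Count -gt 1 |
        ForEach-Object {
            [pscustomobject]@{
                Pool     = $_.Name
                Identity = (Get-ItemProperty "IIS:\AppPools\$($_.Name)").processModel.identityType
                Sites    = $_.Group.name -join ', '
            }
        }
}

# Fix: give one site its own pool running as ApplicationPoolIdentity.
function Set-SiteIsolation {
    param([Parameter(Mandatory)][string]$SiteName)

    $pool = "$SiteName-pool"   # naming convention is an assumption
    if (-not (Test-Path "IIS:\AppPools\$pool")) {
        New-WebAppPool -Name $pool | Out-Null
    }

    # identityType 4 = ApplicationPoolIdentity
    Set-ItemProperty "IIS:\AppPools\$pool" -Name processModel.identityType -Value 4
    Set-ItemProperty "IIS:\Sites\$SiteName" -Name applicationPool -Value $pool

    # Grant the pool's virtual account read/execute on this site's content.
    # Removing broader inherited grants is site-specific and not done here.
    $root = [Environment]::ExpandEnvironmentVariables(
        (Get-Item "IIS:\Sites\$SiteName").physicalPath)
    icacls $root /grant "IIS AppPool\${pool}:(OI)(CI)RX" | Out-Null
}

Get-SharedAppPool | Format-Table -AutoSize
# Set-SiteIsolation -SiteName 'ExampleSite'   # hypothetical site name
```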