Application Pools is a basic feature of IIS. It uses to isolate the web application from other web application for better security, performance and availability. Here are some basic info about it.
- It contains more than one web applications that’s why it is called Application pools.
- Each pool runs on its worker process ( w3wp.exe) and In-process Session state is stored in the worker process. So, all session state destroyed by stop (manually or accidentally) the worker process.
- Pool associates with account identity. Account identity is a main feature in IIS. Account identity has own .Net framework and user permissions.
- There are four built-in account security levels.
- ApplicationPoolIdentity ( by default )
- LocalService (used by windows service control manager)
- LocalSystem (has access to network resources)
- NetworkService ( buit-in Windows identity and having low privileged )
Custom Account Identity:
- Custom account identity can be added in application pool. So, it means we can set different account identity on different pools and control the folders/files permissions etc.
- Each Application Pool load specific .NET CLR version which increase the flexibility.
- Each Application Pool has specific queue length if limit exceeded then new HTTP request will receive the 503 “Service Unavailable” message.
Purpose of Application Pools:
- To associate the application(s) with the desired security levels.
- To isolate web applications from one another. So, if one application create problem or fail then it would not effect on other web applications.
- To assign .Net framework versions to different pools.
- To improve the web application performance.