Divya's Blog

Posts Tagged ‘IIS

IIS has three level of isolation:-

  1. LOW (IIS process)
  2. Medium pooled scenario
  3. High isolation scenario

LOW (IIS process):

  • In this main IIS process and ASP.NET application run in same process.
  •  So if any one crashes the other is also affected.

Example : It is possible to  host yahoo, hotmail .amazon and google on a single PC. So all application and the IIS process runs on the same process. In case any website crashes it affects every one.

Medium (Pooled):

  • In Medium pooled scenario the IIS and web application run in different process.
  • So in this case there are two processes process1 and process2.
  • In process1 the IIS process is running and in process2 we have all Web application running.

High (Isolated):

  • In high isolated scenario every process is running is there own process.
  • In given figure of high isolated scenario,there are five processes and every one   individual application.this requires heavy memory capacity with high fidelity.

                                       High isolation scenario

Medium pooled scenario

LOW IIS process scenario


Windows authentication and IIS

 windows authentication for ASP.NET application, need to configure authentication within IIS. This is because IIS provides Windows authentication.

IIS provides four different authentication methods:

  1. Anonymous
  2. Basic
  3. Digest and
  4. Windows integrated
  • IIS doesn’t perform any authentication for  the anonymous authentication ie it allows any one to access the ASP.NET application.
  • In the  basic authentication, users must provide a windows username and password to connect. How ever this information is sent over the network in clear text, which makes basic authentication very much insecure over the internet.
  • In the digest authentication, users must still provide a windows user name and password to connect. However the password is hashed before it is sent across the network.
  • Digest authentication requires that all users be running Internet Explorer 5 or later and that windows accounts to stored in active directory.

Windows integrated authentication:

  • In windows integrated authentication, passwords never cross the network.
  • Users must still have a username and password, but the application uses either the Kerberos or challenge/response protocols authenticate the user.
  • Windows-integrated authentication requires that all users be running internet explorer 3.01 or later Kerberos is a network authentication protocol.
  • It is designed to provide strong authentication for client/server applications by using secret-key cryptography.
  • Kerberos is a solution to network security problems. It provides the tools of authentication and strong cryptography over the network to help to secure information in systems across entire enterprise

Passport authentication

  • Passport authentication  make  use  of Microsoft’s passport service to authenticate users of your application.
  • If  users have signed up with passport and we configure the authentication mode of the application to the passport authentication, all authentication duties are off-loaded to the passport servers.
  •  Passport uses an encrypted cookie mechanism to indicate authenticated users. If users have already signed into passport when they visit our site, they’ll be considered authenticated by ASP.NET. Otherwise they’ll be redirected to the passport servers to log in. When they are successfully log in, they’ll be redirected back to your site
  • To use passport authentication we have to download the Passport Software Development Kit (SDK) and install it on our server.

The SDK can be found at http://msdn.microsoft.com/library/default.asp?url=/downloads/list/websrvpass.aps. It includes full details of implementing passport authentication in your own applications.

Forms authentication

  • Forms authentication provides us with a way to handle authentication using our own custom logic with in an ASP.NET application.

The following applies if we choose forms authentication.

  •  When a user requests a page for the application, ASP.NET checks for the presence of a special session cookie. If the cookie is present, ASP.NET assumes the user is authenticated and processes the request.
  • If the cookie isn’t present, ASP.NET redirects the user to a web form you provider and we may choose any authentication method to check the form
  •  When the user is authenticated, you indicate this to ASP.NET by setting a property, which creates the special cookie to handle subsequent requests.

  A webapplication is a type of client/server application, which means that the functions of the application are split between a client computer and a server computer. The client and server computers are connected to one another via the Internet, and they communicate with each other using HTTP(Hypertext Transfer Protocol).

  • To access a web application, you use a web browser that runs on a client computer
  • The web application itself is stored on the server computer. This computer runs web server software that enables it to send web pages to web browsers.

Popular  web servers

  1. Microsoft’s Internet Information Services (or IIS) for ASP.NET
  2. Apache HTTP Server.


  • The web applications work with data that’s stored in a database, most server computers also run a database management system (or DBMS).
  • The DBMS provides access to information stored in a database. To improve performance on larger applications, the DBMS can be run on a separate server computer.

Popular database management systems for ASP.NET development

  1.  Microsoft SQL Server
  2.  Oracle.


The user interface for a web application is implemented as a series of web pages that are displayed in the web browser. Each web page is defined by a web form using HTML, or Hypertext Mark up Language, which is a standardized set of mark up tags.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 6 other followers

Subscribe our Blog

CLUSTER MAPS Locations of visitors to this page


Error: Please make sure the Twitter account is public.