Microsoft has published an article about IIS 7.0 in hosted environments. The article “Provisioning IIS 7.0 for Secure Hosting” was published on the IIS.net website.
This how-to-paper will overview guidelines and recommendations that should be followed when deploying IIS 7.0 in a hosted environment securely.
For those readers unfamiliar with the concept, isolation refers to the degree of separation between two Web applications running on a single computer. In this paper, we use the notion of a Web application in a very broad sense; it includes the processes, files, and even users, serviced by an application hosted on a Web server. Web applications are isolated from each other to the degree that one Web application is prevented from accessing resources used by another Web application. In IIS 6.0 and IIS 7.0 we use application pools to provide this isolation. To make the most of isolation in IIS, you must create a new application pool for every site you wish to isolate.
Since a majority of Hosting businesses use provisioning scripts to setup their sites, this paper will provide code samples to perform each of the critical operations along the way to provide the most value to its readers. The code samples used in this paper will reference the new IIS 7.0 Microsoft.Web.Administration APIs but all the same operations can still be done using the older APIs that were supported in previous versions of IIS.
What we will be doing in this paper can be divided into two categories:
- Application Pool Isolation
- Useful tips for mass hosting environments
Read the full article at source.