I have four different Application Pools, each one for a different web site, all running as Network Service
.
Is this a normal configuration to have?
Can it cause problems between the different applications?
I have four different Application Pools, each one for a different web site, all running as Network Service
.
Is this a normal configuration to have?
Can it cause problems between the different applications?
If you've configured each site's Anonymous Authentication to use "Application Pool Identity" then requests will run as the
Network service
account.If this isn't a shared server, i.e. you're not allowing your customers or users to upload content or deploy ASP.NET applications, and you and your team are the sole deployers/mamagers then this isn't a terrible thing to do.
That said, if one site becomes compromised then it will be possible to attackers to compromise the other sites. If the
Network Service
account only has read access then the attack would be limited to data theft, otherwise they'll be able to do much more damage.Unless you have a very good reason to, it is always a good idea to configure your application pools to run as
Application Pool Identity
. IIS will synthesise an account for you when the application pool is running. You should configure your public facing www folders to give appropriate permissions to an account known asIIS AppPool\[POOL_NAME]
where[POOL_NAME]
is the name of the application pool for the site.You may wish to have a read of one of my previous answers related to this to help you understand this mechanism:
And see also: