ASP.NET application under SharePoint website
-
05-10-2020 - |
Pregunta
The Default Web Site on my Windows Server 2008 with IIS 7 is running MOSS 2007 (SharePoint). Since I want users to feel like they are still on the portal, I created a similarly branded ASP.NET web application and set it up as a virtual directory based application under the same site. Both the Default Web Site and this ASP.NET application are using the same application pool.
- Is this safe/good practice?
- If I enable and use session in the ASP.NET application, will that in any way jeopardize the integrity/performance of SharePoint managed session, or affect SharePoint in any other way?
Solución
If you want to go on with this approach, at least make sure you:
- Created a dedicated application pool for the ASP.NET app, possibly with a dedicated identity account.
- Set the virtual folder as an application in IIS.
- Use the dedicated app pool for this app.
If you follow these steps, you have something "safe" considering the constrain "everything runs on the same machine".
Using a dedicated app pool is the best approach you can have here:
- It prevents a crash from pool A to affect pool B.
- It ensures sessions are not mixed-up (actually, it's thanks to the Web app created in IIS for the ASP.NET app folder).
- A hacker gaining access to pool B would not have access to your SP DB (since the identity is totally different and has probably no access to the SQL server).
Note: In SP2003 you had to create an explicit exclusion for the app folder in the Central Admin (managed paths); this is not required/possible anymore since 2007.