ASP.NET application under SharePoint website

Question

The Default Web Site on my Windows Server 2008 with IIS 7 is running MOSS 2007 (SharePoint). Since I want users to feel like they are still on the portal, I created a similarly branded ASP.NET web application and set it up as a virtual directory based application under the same site. Both the Default Web Site and this ASP.NET application are using the same application pool.

• Is this safe/good practice?
• If I enable and use session in the ASP.NET application, will that in any way jeopardize the integrity/performance of SharePoint managed session, or affect SharePoint in any other way?

Answer 1

If you want to go on with this approach, at least make sure you:

1. Created a dedicated application pool for the ASP.NET app, possibly with a dedicated identity account.
2. Set the virtual folder as an application in IIS.
3. Use the dedicated app pool for this app.

If you follow these steps, you have something "safe" considering the constrain "everything runs on the same machine".
Using a dedicated app pool is the best approach you can have here:

• It prevents a crash from pool A to affect pool B.
• It ensures sessions are not mixed-up (actually, it's thanks to the Web app created in IIS for the ASP.NET app folder).
• A hacker gaining access to pool B would not have access to your SP DB (since the identity is totally different and has probably no access to the SQL server).

Note: In SP2003 you had to create an explicit exclusion for the app folder in the Central Admin (managed paths); this is not required/possible anymore since 2007.