Worker Process

Re: Worker Process


Unfortunately I don't think there's a lot of information on how this works.
I've looked for this for quite some time as well in the past and couldn't
get much. Microsoft is pretty tight lipped about the Worker Process, ISAPI
interfaces to ASP.NET etc. and label that as implementation specific.

As far as security goes, the worker process is started by using the account
you specify in the App Pool. You can check that in Task Manager which shows
the real account, rather than what's impersonated. So I'm not sure what you
mean by Ghost account...

ASP.NET can add impersonation ontop of the launching account depending on
the settings in web.config. If Impersonation is on, ASP.NET will run under a
different account than the underlying account the Worker process is running
under.

Maybe this will help:



+++ Rick ---

--

Rick Strahl
West Wind Technologies





"Studio P.M." <StudioPM@discu ssions.microsof t.com> wrote in message
news:C2059BEF-FCF3-41B5-A5D4-FEB78F4D3984@mi crosoft.com...[color=blue]
> Does anyone know a valid and compete reference paper about what the
> "Worker Process" precisely is and does? So far I couldn't find any.
>
> Reason is that during last weeks I had to go deep down into SharePoint
> security, and the related identities. Which, by the way, as I realized,
> are
> at least two: the Log on "real" one, and the Application Pool "ghost" one;
> under which, indeed, the "Worker Process" is said to operate: wherefrom
> the
> reason for this question.
>
> Thanks for your attention.
> P.M.
>[/color]

Re: Worker Process

> I've looked ... and couldn't get much
I know a proverb saying that “A shared pain is almost a joy”.
[color=blue]
> what you mean by Ghost account.[/color]
Trying to be both expressive and synthetic I defined as “real” the user
declared at Log on, and as a “ghost” the user possibly declared internally in
such an environment as an Application Pool or a Virtual Directory permitting
Anonymous access. And my question is about the fact that to say that the
identity under which a “Worker Process” operates--in an “Application Pool
Settings for Worker Process Isolation Mode”--is such and such, does mean
almost nothing if what this “Worker Process” is, and does, is undocumented
and, therefore, unknown. Isn’t it?

That said in general and in particular with respect to the specific subject
of my interest, which is SharePoint.


I heard rumors that “Worker Process” is a synonym for “Application Domain”,
which is a much more documented subject. Thus I’m currently further
investigating under this bold assumption. Do you have any opinion about this?
Thank you.

All the best.
Pietro Moras
- - - - -=- - - - -=- - - - -=- - - - -=- - - - -=- - - - -=

"Rick Strahl [MVP]" wrote:
[color=blue]
>
> Unfortunately I don't think there's a lot of information on how this works.
> I've looked for this for quite some time as well in the past and couldn't
> get much. Microsoft is pretty tight lipped about the Worker Process, ISAPI
> interfaces to ASP.NET etc. and label that as implementation specific.
>
> As far as security goes, the worker process is started by using the account
> you specify in the App Pool. You can check that in Task Manager which shows
> the real account, rather than what's impersonated. So I'm not sure what you
> mean by Ghost account...
>
> ASP.NET can add impersonation ontop of the launching account depending on
> the settings in web.config. If Impersonation is on, ASP.NET will run under a
> different account than the underlying account the Worker process is running
> under.
>
> Maybe this will help:
> http://west-wind.com/weblog/posts/2153.aspx
>
>
> +++ Rick ---
>
> --
>
> Rick Strahl
> West Wind Technologies
> www.west-wind.com
> www.west-wind.com/weblog
>[/color]