Configuring IIS to use multiple application pools for a single website
I have a web application/website running on IIS 7.5 and higher that I am trying to configure to use multiple application pools to segregate functions for security and performance purposes. The problem is when I create and use the second application pool the secondary function doesn't work. The rest of the site works fine, but as soon as I click a link that uses a resource in the secondary pool (link to ISAPI DLL that downloads a zip file) it gives a service unavailable message (404).
I have tried numerous configurations including giving full/admin permissions for App Pool Identity, Physical Path Credential, Windows file permissions, Windows Share permissions, etc (including using all of the same permissions for both application pools) with no change. The files are on the local server and not over a network (although in some case it will be run over a network). If I try the same configurations under a single Application Pool it works fine with multiple configurations, but as soon as I separate the main website function from the secondary function it breaks.
There seems to be something with separate Application Pools that overrides all other permissions to the resource. The strange thing is that I had this working on over 10 servers previously and it stopped working at some point and I don't know why. My guess is there was a Windows Update that "fixed" a security function that broke the config. I simply consolidated the application pools and it worked fine. Keeping this config in the future will be problematic as we move away from COMs and into something that is multi-threaded soon.
Any ideas or thoughts? I thought there might be some Application Pool Isolation security that I need to disable or something?
The only way to have multiple applications pools for one web sites on IIS is to split the site up into various applications, you always have the root application and potentially multiple application below it.
Each application can be assigned its own application pool.
But after splitting a site into various applications it doesn't behave as a single entity anymore, there are many things you can no longer do between these now separated parts of your site.
Without knowing the details it is difficult to diagnose why your second application pool fails. It may run under a different account, sessions are no longer shared etc.
There is nothing inherent in IIS that prevents you from running a site with various appPools, but each application is its own thing.
If you are saying it worked before on 10 servers and now it doesn't work on all of them, check what you have done to your configuration on all of them. I don't know of any security fix to Server 2008 R2 that changed it's behaviour, at least not since Service Pack 1.