An example analysis of account password change and its impact on Web application pool _win Server

Source: Internet
Author: User

Instance Scenario

    1. We have a Web site (named Test) that uses an application pool (the name is also test)

    1. The user account used for this application pool is app_pool_test

    1. The current password for this account is assumed to be ABC. When I set it up, I can open the Web site normally.

The function of this demo page is very simple, I use the following code to access the database

Copy Code code as follows:

Using System;
Using System.Collections.Generic;
Using System.Linq;
Using System.Web;
Using System.Web.UI;
Using System.Web.UI.WebControls;
Using System.Data.SqlClient;
Namespace WebApplication1
{
public partial class _default:system.web.ui.page
{
protected void Page_Load (object sender, EventArgs e)
{
using (var conn = new SqlConnection ("server= (local) \\sqlexpress;database=northwind;integrated security=true"))
{
Conn. Open ();
Response.Write (Conn. State.tostring ());
}
}
}
}

Please note that I did not specify a username and password here, but instead used the integrated security=true. This is often referred to as "trust connections" or "Integrated authentication." This question, I will explain below.

As you can see, the site works. Feature is nothing great, it's a simple demo. But here's a question to consider:

Suppose app_pool_test the password for this account for what reason needs to be modified (this is normal, many companies have the password to modify the policy), then

1. Can the website still open normally?

2. Is the database still accessible?

I'm going to do a test here and I'm going to change the password on my account.

Strangely enough, we will find that the site can still be opened and the database can still be accessed.

First of all, here you should have a question: why is this? Did the password change not take effect? When will it come into effect?

Let's go on to do the experiment. If the current server, for some reason (such as installing a patch package), requires a reboot. Or you yourself. For some reason, you need to restart IIS, for example, by executing the following command

Then we try to open the page just now and we'll find the following error

In general, the 503 error indicates that there is a problem with the application pool in the background, and we see it in IIS and we do find it stopped.

And you'll find that no matter how you start, as long as the page refreshes, it stops again.

Unless, once again, you will set the correct username and password once again here.

Then you'll find that the site works.

I hope you understand the question I want to describe: how the site's application pool account password is modified and how it affects the current Web site.

Let me tell you the conclusion

1. If the current website is not reset. I tested it to continue to use as long as IIS has not been restarted or the application pool has not been stopped.

2. Otherwise, the current Web site will not work correctly, and the application pool can no longer be started unless the correct password is set.

So, what is this for?

1. When IIS starts, all application pools are started by default, and their identities and passwords are used to request that the Windows system (possibly native, or possibly AD) be authenticated

2. As soon as the certification is passed, the application pool will start and the identity will be cached.

3. In general applications, if you choose the "Integrated Authentication (integrated security=true)" approach when you access the background database, you are using this identity as an application pool.

4. "Integration verification" is sometimes referred to as a trust connection, what does that mean? That is, SQL Server actually no longer authenticates the account and password, it "trusts" the identity that Windows passes over, that is, as long as the 2nd step is passed, the account number is app_pool_test, then SQL Server thinks it is App_pool_ Test, and no longer repeat the authentication password.

5. When IIS is restarted, or the application pool is restarted, the identity needs to be authenticated again. If the password does not match at this time, it is natural that the application pool cannot be started, and then it is natural that the Web site cannot be started, and then the behavior of accessing the database does not occur.

Summarize

There are a number of complex and even tricky situations you will encounter when you deploy your application, and this article describes one of the common situations:

Application pool account password modified (in fact, many times, as a developer's point of view, you may not know that the password has been modified), so you may find some "weird" phenomenon, such as just the normal use of the program, suddenly can not use. Understanding this article will help you explain the situation and understand how to solve it.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.