What ASP.NET Programmers Should Know About Application Domains

When we launch the Notepad program in Windows, the program executes inside of a container known as a process. We can launch multiple instances of Notepad, and each instance will run in a dedicated process. Using the Task Manager application, we can see a list of all processes currently executing in the system.

A process contains the executable code and data of a program inside memory it has reserved from the operating system. There will be at least one thread executing instructions inside of the process, and in most cases there are multiple threads. If the program opens any files or other resources, those resources will belong to the process.

A process is also boundary. Erroneous code inside of a process cannot corrupt areas outside of the current process. It is easy to communicate inside of a process, but special techniques are required to communicate from one process to another. Each process also runs under a specific security context which can dictate what the process can do on the machine and network.  

A process is the smallest unit of isolation available on the Windows operating system. This could pose a problem for an ISP who wants to host hundreds of ASP.NET applications on a single server. The ISP will want to isolate each ASP.NET application to prevent one application from interfering with another company’s application on the same server, but the relative cost of launching and executing a process for hundreds of applications may be prohibitive.

当我们运行windows系统中的记事本程序时，程序在一个被称为进程的容器中执行，我们可以运行多个记事本的实例，每一个实例会在一个专用的进程中执行。通过使用任务管理器，我们一个系统当前运行中的进程列表。

一个进程包含内存里一个程序的可执行代码和它从系统中保存的数据，进程中，至少会有一个线程执行指示，大多数情况下，会有多个。如果这个程序打开了任何文件或者资源，这些资源将属于这个进程。

一个进程也是有边界的，一个进程中的错误代码无法影响到当前进程之外的区域。在一个进程内部通信十分简单，但是在进程间的通信就需要特殊的技术。每一个进程都在一个具体的安全环境下运行，这个环境决定了进程可以在本机和网络上做些什么。

一个进程是windows操作系统中可以被隔离出来的最小单元。这给想要在一台服务器上运行数百个ASP.NET程序的ISP提出了一个难题，ISP会想将每个ASP.NET程序分割开来以防一个程序干扰到另一个，但是相对的，为数百个程序装载并运行一个进程的代价也是很高的。

Introducing the Application Domain

.NET introduces the concept of an application domain, or AppDomain. Like a process, the AppDomain is both a container and a boundary. The .NET runtime uses an AppDomain as a container for code and data, just like the operating system uses a process as a container for code and data. As the operating system uses a process to isolate misbehaving code, the .NET runtime uses an AppDomain to isolate code inside of a secure boundary.

Note, however, that the application domain is not a secure boundary when the application runs with full trust. Applications running with full trust can execute native code and circumvent all security checks by the .NET runtime. ASP.NET applications run with full trust by default.

An AppDomain belongs to only a single process, but single process can hold multiple AppDomains. An AppDomain is relatively cheap to create (compared to a process), and has relatively less overhead to maintain than a process. For these reasons, an AppDomain is a great solution for the ISP who is hosting hundreds of applications. Each application can exist inside an isolated AppDomain, and many of these AppDomains can exist inside of a single process – a cost savings.

.NET推出了”程序域“（AppDomain）的概念，就像一个进程，程序域既是一个容器也是一个边界，.NET运行时将程序域用作一个代码和数据的容器，就像操作系统使用一个进程那样。操作系统使用进程来分割不同行为的代码，而.NET运行时使用程序域来将代码分隔在一个安全的边界内。

注意：如果程序在完全信任状态下运行，程序域将不再是一个安全边界，此时程序可以运行本地代码并绕过.NET运行时的所有安全检查。ASP.NET默认运行在完全信任状态下。

AppDomains And You

You’ve created two ASP.NET applications on the same server, and have not done any special configuration. What is happening?

A single ASP.NET worker process will host both of the ASP.NET applications. On Windows XP and Windows 2000 this process is named aspnet_wp.exe, and the process runs under the security context of the local ASPNET account. On Windows 2003 the worker process has the name w3wp.exe and runs under the NETWORK SERVICE account by default.

An object lives in one AppDomain. Each ASP.NET application will have it’s own set of global variables: Cache, Application, and Session objects are not shared. Even though the code for both of the applications resides inside the same process, the unit of isolation is the .NET AppDomain. If there are classes with shared or static members, and those classes exist in both applications, each AppDomain will have it’s own copy of the static fields – the data is not shared. The code and data for each application is safely isolated and inside of a boundary provided by the AppDomain

In order to communicate or pass objects between AppDomains, you’ll need to look at techniques in .NET for communication across boundaries, such as .NET remoting or web services.

Note again: the one caveat to the idea of an AppDomain as a boundary is that ASP.NET applications will run with full trust by default. Fully trusted code can execute native code, and native code can essentially have access to anything inside the process. You’ll need to run applications with partial trust to restrict access to unmanged code and verify all managed code to secure AppDomains.

你已经在同一服务器上创建了两个ASP.NET程序，并没有做任何的配置。会发生什么？

一个单一的ASP.NET工作进程会同时支持两个ASP.NET程序，windowsXP和windows2000下这个进程叫做aspnet_wp.exe,这个进程运行在本地ASPNET账户的安全环境中。windows2003下，这个工作进程叫做w3wp.exe，默认运行在网络服务账户下。

一个对象在一个程序域中生存。每一个ASP.NET 程序都会有自己的全局变量的设置：Cache,Application, Session对象是不共享的。即使是两个程序的代码都驻留在同一个进程中，以.NET程序域作为分隔的单元。如果有些类拥有共有或者是静态的成员，并且这些类在两个程序中都存在，每一个程序域都会有它自己的静态域的备份——数据是不共享的。每个程序的代码和数据都被安全的分隔在程序域提供的边界中。

为了在程序域之间通信或者是传递对象，你需要关注.NET中关于越界通信的技术，比如说.NET remoting或web services。

注意：ASP.NET程序默认在完全信任状态下运行，完全信任代码可以执行本地代码，而本地代码实质上对进程中的任何东西都有访问权限，你需要以部分信任状态运行程序来限制对未经管理的代码的访问并审核所有被管理代码来保证程序域的安全。

Shadow Copies and Restarts

Once an assembly is loaded into an AppDomain, there is no way to remove the assembly from the AppDomain. It is possible, however, to remove an AppDomain from a process.

If you copy an updated dll into an application’s bin subdirectory, the ASP.NET runtime recognizes there is new code to execute. Since ASP.NET cannot swap the dll into the existing AppDomain , it starts a new AppDomain. The old application domain is “drain stopped”, that is, existing requests are allowed to finish executing, and once they are all finished the AppDomain can unload. The new AppDomain starts with the new code and begins taking all new requests.

Typically, when a dll loads into a process, the process locks the dll and you cannot overwrite the file on disk. However, AppDomains have a feature known as Shadow Copy that allows assemblies to remain unlocked and replaceable on disk.

The runtime initializes ASP.NET with Shadow Copy enabled for the bin directory. The AppDomain will copy any dll it needs from the bin directory to a temporary location before locking and loading the dll into memory. Shadow Copy allows us to overwrite any dll in the bin directory during an update without taking the web application offline.

一旦一个部件被载入到一个程序域中，就不可能再被移除出去，然而，将一个程序域从一个进程中移除却是可能的。

如果你将一个更新过的动态链接库（DLL）复制进一个程序的bin子目录，ASP.NET运行时认为这儿有新的可执行代码。因为ASP.NET无法将这个动态链库交换进一个已有的程序域，它启动一个新的程序域。老的程序域“流停止”，即，当前的请求被允许停止执行，并且，一旦他们（这些请求）都结束，老的程序域可以卸载。新的程序域启动，使用新的代码并且开始接受所有新的请求。

通常情况下，当一个动态链接库装载到一个进程中，进程会锁定这个动态链接库并且你无法覆盖磁盘上的这个文件。然而，程序域有个被称为Shadow Copy的特性，允许组件保持解锁状态并且可以被替换。

运行时初始化ASP.NET默认为bin目录启用Shadow Copy，程序域会在将任何它需要的动态链接库装载进内存之前把这些dll从bin目录中复制到一个临时位置。Shadow Copy允许我们在一次更新中覆盖bin目录中的任何动态链接库而不用使web程序离线。

Master Of Your Domain

主宰你的领域 ^^

Application domains replace the OS process as the unit of isolation for .NET code. An understanding of application domains will give you an idea of the work taking place behind the scenes of an ASP.NET application. Using the Current Domain property of the AppDomain class you can inspect properties about the AppDomain your code is executing in, including the Shadow Copy settings we discussed in this article.

程序域取代了系统进程成为了.NET代码分隔的单元。理解程序域会让你知道一个ASP.NET 程序背后发生的工作。使用程序域类的Current Domain属性，你可以检查你的代码正在其中执行的程序域的属性，包括我们在这篇文章中讨论过的Shadow Copy的设置。