Is ASP.NET multithreaded (how does it execute requests)

Question

This might be a bit of a silly question but;

If I have two people logging on to my site at exactly the same time, will the server side code be executed one after the

Answer 1

As others said, most webservers use multiple processes or threads (better) to serve multiple requests at a time. In particular, you can set each ASP.NET application pool with a max number of queued requests and max worker processes. Each process has multiple threads up to a maximum (not configurable AFAIK, I may be wrong), and incoming requests are processed on a first-in-first-out basis.

Moreover, ASP.NET processes one single request for each session - but a malicious user can open as many sessions as she wants.

Multiple logins will probably hit the database and bring it to its knees probably before the webserver itself.

As far as I know, there is not a built-in way to throttle ASP.NET requests other than setting the max number of queued requests (waiting to be processed). This number should be ideally very small. You can monitor the number of queued ASP.NET requests using performance counters. Say you find that, on peak traffic, this number is 100. You can then update application so that it refuses login attempts when this number is above 100 so that the database is not hit (never did that, just a thought).