Configuring Security

Configuring SSL in IIS Manager

VideoVideo

IIS Team

Enabling powerful SSL security to protect your Web applications is simpler to setup with IIS Manager and easier to deploy with self-signed certificates in IIS 7.0 and above. This tutorial covers ad...

Application Pool Identities and SQL Server Express

ArticleArticle

Thomas Deml

Introduction IIS 7.5 on Windows 7 or Windows Server 2008 R2 supports a new feature called "Application Pool Identity". It allows the effective isolation of Application Pools without having to maint...

Using Encryption to Protect Passwords

ArticleArticle

Saad Ladki

This document provides an overview of the steps required for setting both application pool and worker process isolation for IIS 7.0 and above servers. Application pool isolation entails protecting...

Understanding IIS 7.0 URL Authorization

ArticleArticle

Saad Ladki

Authorization was difficult in previous versions of IIS. Because IIS only worked with Windows identities, you had to go to the file system and set Access Control Lists on files and directories. Thi...

Use Request Filtering

ArticleArticle

IIS Team

UrlScan, a security tool, was provided as an add-on to earlier versions of Internet Information Services (IIS) so administrators could enforce tighter security policies on their Web servers. Within...

How to Set Up SSL on IIS 7

ArticleArticle

Saad Ladki

The steps for configuring Secure Sockets Layer (SSL) for a site are the same in IIS 7 and above and IIS 6.0, and include the following: Get an appropriate certificate. Create an HTTPS binding on a...

Configuring One-to-One Client Certificate Mappings

ArticleArticle

Robert Lucero

IIS 6 had a User Interface to configure and map one to one certificates for authentication. It allowed users to select the validation client certificate and assign the authorized user credentials....

Using Enhanced Request Filtering Features in IIS7

ArticleArticle

Suditi Lahiri

This article provides a list of common usage scenarios for enhanced Request Filtering features, which is shipped with Windows Server 2008 SP2 or can be downloaded from http://www.microsoft.com/down...

Using Dynamic IP Restrictions

ArticleArticle

Nazim Lala

The Dynamic IP Restrictions (DIPR) module for IIS 7.0 and above provides protection against denial of service and brute force attacks on web servers and web sites. To provide this protection, the m...

Application Pool Identities

ArticleArticle

Thomas Deml

Introduction IIS introduces a new security feature in Service Pack 2 (SP2) of Windows Server 2008 and Windows Vista. It's called Application Pool Identities. Application Pool Identities allow you t...

Ensure Security Isolation for Web Sites

ArticleArticle

Tali Smith

Introduction The recommendation for isolating Web sites in a shared hosting environment is consistent with all general security isolation recommendations for Internet Information Services 7 (IIS 7)...

Configure Request Filtering in IIS

ArticleArticle

Keith Newman and Robert McMurray

This document shows you how to use common request-filter settings to improve the security of your IIS 8 web server. Request filters restrict the types of HTTP requests that IIS 8 processes. By bloc...