Internet Information Services and Iis Essay

Submitted By romeosja
Words: 423
Pages: 2

Authentication is the process that helps a web server confirm the identity of the clients who request access to the server’s websites and applications. Authentication is a fundamental and crucial service—especially if the web server hosts private information or mission-critical applications. Microsoft Internet Information Services 7.0 (IIS)—the web server that’s bundled with Windows Vista and Windows Server 2008—includes several authentication options, both new options and updates to those in earlier IIS versions. We’ll look at how the new authentication features compare with those in previous IIS versions and how they can help you improve control of IIS authentication and your web server’s security. Table 1 compares the different IIS 7.0 authentication protocols. (To learn more about other security-related changes in IIS 7.0, see “Unleash the Power of Microsoft Internet Information Services 7.0's Security Features,” October 2007.)

IIS 7.0 Authentication Methods Like its predecessors, IIS 7.0 supports the classic HTTP authentication protocols (basic and digest authentication), the typical Windows authentication protocols (NTLM and Kerberos), and client certificate–based authentication. Another long-standing authentication option that’s still around in IIS 7.0 is anonymous or unauthenticated access.

New in IIS 7.0 is support for a logon redirection–based authentication method called forms authentication. Also, in IIS 7.0 Microsoft removed the support for Microsoft Passport–based authentication. Passport, the former Microsoft cookie-based web single sign-on (SSO) solution for MSN and related Microsoft and partner websites, is the predecessor to Windows Live ID, the new Microsoft Web SSO solution for Windows Live and related websites (which IIS 7.0 doesn’t support, either).

A significant change in IIS 7.0 is that these authentication