Default IIS Settings

Out of the box, Internet Information Services comes configured for basic usage. It is not configured for scalability or security without a little user intervention. However, this configuration is quite simple and does not require recompilation of the entire server to see the changes in effect. As mentioned at the beginning of this chapter, IIS has five built-in ways of authenticating users. By default, when a new virtual Web is created, Anonymous Access and Integrated Windows Authentication are enabled. This means that, if not specified otherwise in the web.config file, .NET will execute under the ASP.NET account, unless a directory has been established that requires Integrated Windows Authentication to access resources. ...

Get .NET Framework Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.