The previous chapter discussed the architecture of the new IIS 7.0 integrated mode in detail. This chapter starts by introducing the advantages, the new IUSR built-in account and IIS_IUSRS built-in group, replacing the old IUSR_MACHINENAME user account and IIS_WPG group. The chapter continues to describe security-related processing that occurs each time the unified request-processing pipeline processes a request. A combination of the application's configuration in IIS and the ASP.NET configuration for the application determines the security context that is initialized for each request.
Once a request enters IIS 7.0, the first defense gate takes control to validate the request before starting the unified request-processing pipeline. Once accepted, the unified pipeline starts processing and handling the request. The added value of the new IIS 7.0 integrated mode is that IIS and ASP.NET both subscribe to the same events fired during the processing of the request.
After a request is running through the unified pipeline, the authentication and authorization options that have been configured for the application take affect. If a request passes authentication and authorization checks, there is still one last hurdle to clear; the HttpHandler that is assigned to process the request, in case the request is an ASP.NET resource.
In this chapter, you will learn about:
The new IUSR built-in account and IIS_IUSRS built-in group. ...