What are role services in IIS 7?

I am new to the software development and recently started learning some programming languages like ASP.NET and VB.NET. To run the project it is necessary to activate IIS. Now I am not having any idea about the role services that are used in IIS 7 (we are using IIS 7). So please tell me what are role services in IIS 7? It would be much better if you members provide an information in detail. Since you members provided some very useful notes last time, I thought to post my query here instead of searching on net (and getting senseless solutions). I am waiting for your responses.

Safety is the top priority IIS 7. An important part of the role services for the control of the installed functionality. This allows IIS to set up modular and avoid unnecessary service - and reduce the attack surface. With the concept of roles and functions in Windows Server 2008, Microsoft has also introduced the role services. Role services are parts of roles, and may be used to control the specific functions available within a role. In the IIS 7 (Internet Information Services), there are over 40 different role services that can be selected. This can be controlled optimally the available functionality. This is important for safety reasons, the attack surface of IIS to minimize 7th At the same time it also brings benefits to the demand management - less server services automatically means less base load on the server. In addition, servers and the maintenance of IIS 7-simplified, since patches are required for fewer services and maintenance operations are less frequent and shorter thereby.

The list of role services in IIS 7 is divided into several categories:

• Common HTTP features on the example of static content or error messages may appear.
• Application development with support for ASP, ASP.NET, ISAPI filters and other interfaces to extend the basic functionality of the IIS.
• Integrity and diagnosis with analysis and reporting capabilities for the IIS service.
• Security with the choices for the supported authentication interfaces.
• can be output with services for performance tuning, compressed with different types of content.
• Administration Tools
• IIS 6 Management Compatibility services that are required to provide different interfaces for configuration files, WMI and other areas, if operating in mixed environments.
• FTP services

Many of these services can be established independently of other services, while obviously more basic functions such as the access needed to static pages. If there are dependencies, role services, but it is noted with the installation anyway.

A particularly interesting area of the role services are security services, and here again the now selectable authentication functions. There can be configured such that only with the integrated Windows authentication is working, but not with the - at least without using SSL - more unstable basic authentication. The former is within an internal network of the best approach, especially as additional features such as single sign-on made possible. Digest authentication is a modification of the basic authentication. Not the password itself, but transmit a hash of the password. This also achieves a higher security than basic authentication - while one has not the limitations of the Windows authentication.

There are also two authentication methods based on client digital certificates. They differ in the form in which the certificates are mapped to users. There are two alternatives:

1. The Client Certificate Mapping Authentication is a new variant in the Active Directory for the mapping of client certificates used to be user accounts. Here, a 1:1 mapping of certificates to support users. This method is slower, but requires no specific configuration of the mappings in IIS.
2. The IIS client certificate mapping authentication uses the other hand, in the same form as in previous versions of a mapping within the IIS 7 for the allocation of certificates to users. The method is more efficient because the interaction is less complex with the Active Directory for authentication.

It is also important here is that the use of client digital certificates in any event, the appropriate role service must be installed.

In the security role of the services, there are several other interesting features:

• The URL authorization allows the setting of rules that only specific users, groups, or HTTP header information of the access to specified URLs will be allowed in with. It is a simple form of Web access management, ie the external access control at the URL level. This feature is also particularly related to the ADFS (Active Directory Federation Services) and its established access management and Web single sign-on capabilities important.
• The request filtering allows the processing of requests based on rules and can be used to make critical or suspicious applications, the very long run, for example, to filter out. It is therefore an important element in strategies for the protection from attack.
• The IP and domain restrictions will eventually filter by IP addresses and sender domains.

All these functions can be set up optional. While with the authentication mechanisms most important thing is to eliminate potentially unsafe practices, must be considered in the further security if the filters are actually required - for each additional filter means an additional processing step, even if few or no rules configured.