Default IIS Settings
Out of the box, Internet Information Services comes configured for basic usage. It is not configured for scalability or security without a little user intervention. However, this configuration is quite simple and does not require recompilation of the entire server to see the changes in effect. As mentioned at the beginning of this chapter, IIS has five built-in ways of authenticating users. By default, when a new virtual Web is created, Anonymous Access and Integrated Windows Authentication are enabled. This means that, if not specified otherwise in the web.config file, .NET will execute under the ASP.NET account, unless a directory has been established that requires Integrated Windows Authentication to access resources. ...
Get .NET Framework Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.