Chapter 5 -- Internet Information Services Security Overview

[Previous] [Next]

Chapter 5

Internet Information Services (IIS) 5 is a mature, high-performance Microsoft Windows 2000-based Web server, which builds on the success of IIS 4, the most popular Web server for Microsoft Windows NT 4. In this chapter, we'll examine some of the security features of IIS 5 as well as some of the server's new functionality.

Because IIS is a Windows 2000 system service and relies heavily on the security functionality in Windows 2000, it's assumed in this chapter that you have read Chapter 3, "Windows 2000 Security Overview," or have a good working knowledge of Windows 2000 security.

We'll cover the following topics in this chapter:

  • Internet authentication
  • Web authentication protocol details
  • Anonymous access
  • Basic authentication
  • Digest authentication
  • Integrated Windows authentication and the Negotiate protocol
  • X.509 client certificate authentication
  • Configuring SSL/TLS
  • IIS authorization—the marriage of Windows 2000 security and the Web
  • IIS process identities

A New Feature of IIS 5—WebDAV

Defined in RFC 2518 (http://www.ietf.org/rfc/rfc2518.txt), Web-based Distributed Authoring and Versioning (WebDAV) is a set of extensions to the HTTP 1.1 protocol that allows users to collaboratively edit and manage documents on Web servers. IIS 5, Microsoft Internet Explorer 5, and Microsoft Office 2000 support WebDAV.

You can find more information about WebDAV at the WebDAV Resources Web site (http://www.webdav.org) and at the Microsoft Developer Network (MSDN) Web site at http://msdn.microsoft.com/standards/WebDAV.asp.



Designing Secure Web-Based Applications for Microsoft Windows 2000 with CDROM
Designing Secure Web-Based Applications for Microsoft Windows 2000 with CDROM
ISBN: N/A
EAN: N/A
Year: 1999
Pages: 138

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net