Setting up web server security in IIS 7.0

Basic authentication determines who can access resources on a web server. This authentication method requires users to provide a valid user name and password to access content. For more information about Basic authentication, go to Configuring Authentication in IIS 7.0 on the Microsoft TechNet website.

Digest authentication uses a Windows domain controller to authenticate users who request access to content on your web server. When you need improved security over Basic authentication, consider using Digest authentication, especially if your environment contains firewalls and proxy servers. For more information about Digest authentication, go to Configuring Authentication in IIS 7.0 on the Microsoft TechNet website.

Windows authentication is best suited for an intranet environment. For more information about Windows authentication, go to Configuring Authentication in IIS 7.0 on the Microsoft TechNet website.

Client certificate mapping allows you to map users on a Windows domain to a specific client certificate. For more information about mapping certificates, go to IIS 7.0: Configure Client Certificate Mapping Authentication on the Microsoft TechNet website.

IIS client certificate mapping allows you to map a certificate to a specific client or to a group of clients. For more information about mapping certificates, go to IIS 7.0: Configure Client Certificate Mapping Authentication on the Microsoft TechNet website.

URL authorization allows you to create rules that authorize user access to the URLs that make up a web application. For more information about URL authorization, go to Configuring URL Authorization Rules in IIS 7.0 on the Microsoft TechNet website.

When you want to restrict the types of HTTP requests your server will process, you can configure IIS 7.0 to analyze specific criteria for each incoming request. For more information about request filtering, go to Filter HTTP Requests in IIS 7.0 on the Microsoft TechNet website.