Difference between IIS 6.0,7.0,,8.5

IIS 6.0 and higher support the following authentication mechanisms:
  • Anonymous authentication
  • Basic access authentication
  • Digest access authentication
  • Integrated Windows Authentication
  • UNC authentication
  • .NET Passport Authentication (Removed in Windows Server 2008 and IIS 7.0)
  • Certificate authentication

IIS 7.0 has a modular architecture. Modules, also called extensions, can be added or removed individually so that only modules required for specific functionality have to be installed. IIS 7 includes native modules as part of the full installation. These modules are individual features that the server uses to process requests and include the following:

  • Security modules – Used to perform many tasks related to security in the request-processing pipeline, such as specifying authentication schemes, performing URL authorization, and filtering requests.
  • Content modules – Used to perform tasks related to content in the request-processing pipeline, such as processing requests for static files, returning a default page when a client does not specify a resource in a request, and listing the contents of a directory.
  • Compression modules – Used to perform tasks related to compression in the request-processing pipeline, such as compressing responses, applying Gzip compression transfer coding to responses, and performing pre-compression of static content.
  • Caching modules – Used to perform tasks related to caching in the request-processing pipeline, such as storing processed information in memory on the server and using cached content in subsequent requests for the same resource.
  • Logging and Diagnostics modules – Used to perform tasks related to logging and diagnostics in the request-processing pipeline, such as passing information and processing status to HTTP. sys for logging, reporting events, and tracking requests currently executing in worker processes.

IIS 7.5 includes the following additional or enhanced security features:

  • Client certificate mapping
  • IP security
  • Request filtering
  • URL authorization- Improved WebDAV and FTP modules as well as command-line administration in PowerShell

Authentication changed slightly between IIS 6.0 and IIS 7, most notably in that the anonymous user which was named “IUSR_{machinename}” is a built-in account in Vista and future operating systems and named “IUSR”. Notably, in IIS 7, each authentication mechanism is isolated into its own module and can be installed or uninstalled.

IIS 8.0 offers new features targeted at performance and easier administration. The new features are:

  • Application Initialization – a feature that allows an administrator to configure certain applications to start automatically with server startup. This reduces the wait time experiences by users who access the site for the first time after a server reboot.
  • Splash page during application initialization – the administrator can configure a splash page to be displayed to the site visitor during an application initialization.
  • ASP.net 4.5 support – With IIS 8.0, ASP.net 4.5 is included by default, and IIS also offers several configuration options for running it side-by-side with ASP.net 3.5.
  • Centralized SSL certificate support – a feature that makes managing certificates easier by allowing the administrator to store and access the certificates on a file share.
  • Multicore scaling on NUMA hardware – IIS 8.0 provides several configuration options that optimize performance on systems that run NUMA, such as running several worker processes under one app-pool, using soft or hard affinity and more.
  • WebSocket Protocol Support
  • Server Name Indication (SNI) – SNI is an extension to Transport Layer Security, which allows binding of multiple websites with different hostnames to one IP address (similar to how Host Headers are used for non-SSL sites).
  • Dynamic IP Address Restrictions – a feature that enables an administrator to dynamically block IPs or IP ranges that hit the server with a large number of requests
  • CPU Throttling – a set of controls that allow the server administrator to control CPU usage by each application pool in order to optimize performance in a multi-tenant environment

IIS 8.5 has several improvements related to performance in large-scale scenarios, such as those used by commercial hosting providers and Microsoft’s own cloud offerings. It also has several added features related to logging and troubleshooting. The new features are:

  • Idle worker-Process page-out – a function to suspend idle site to reduce the memory footprint of idle sites
  • Dynamic Site Activation – a feature that registers listening queues only to sites that have received requests
  • Enhanced Logging – a feature to allow collection of Server variables, request headers and response headers in the IIS logs
  • ETW logging – an ETW provider which allows collecting real-time logs using various Event-tracing tool
  • Automatic Certificate Rebind – a feature that detects when a site certificate has been renewed, and automatically rebinds the site to it.

If you have any questions feel free to contact me on admin@windowstechno.com also follow me on facebook @windowstechno to get updates about new blog posts.

How useful was this post?

Click on a star to rate it!

Leave a Reply