← Back to Frameworks

Microsoft IIS

Microsoft's Windows-specific web server. Features deep Windows integration and .NET application support. Modular architecture with full ASP.NET integration.

Web ServerWindows.NETASP.NETMicrosoftEnterprise

Web Server

Microsoft IIS

Overview

Microsoft Internet Information Services (IIS) is a Windows-exclusive web server developed by Microsoft. It features deep integration with Windows environments and complete support for .NET applications, with a stable adoption track record in enterprise environments. Included as standard in Windows Server OS, it enables reliable web service delivery in corporate systems through seamless integration with the Microsoft technology stack.

Details

IIS was released in 1995 for Windows NT 3.51 and has been continuously developed up to the current version 10.0. It maintains a 5-10% share in the current web server market, with continued use particularly in Windows environments and companies adopting Microsoft technology stacks.

Key Technical Features

  • Windows OS Integration: Complete integration with Active Directory and Windows authentication
  • .NET Framework Support: Optimal execution environment for ASP.NET and ASP.NET Core
  • Rich Management Tools: GUI management through IIS Manager
  • Security Features: Integration with Windows security model
  • Scalability: Load balancing through Application Request Routing (ARR)

Use Cases

  • ASP.NET/.NET Core web applications
  • Website hosting in Windows environments
  • Enterprise intranet systems
  • Foundation for Microsoft products like SharePoint and Exchange
  • On-premises components in hybrid cloud environments

Advantages and Disadvantages

Advantages

  • Windows Integration: OS-level optimization and deep integration
  • .NET Optimization: Highest performance for ASP.NET applications
  • Easy Management: Intuitive GUI-based management interface
  • Enterprise Support: Comprehensive support system by Microsoft
  • Security: Complete integration with Windows security
  • Azure Integration: Easy hybrid deployment with cloud

Disadvantages

  • Windows-only: Cannot be used on Linux or other operating systems
  • License Cost: Windows Server license required
  • Memory Usage: Relatively high resource consumption
  • Flexibility Limitations: Constrained to Windows environment
  • Open Source Community: Limited community support

Reference Pages

Configuration Examples

Basic web.config Configuration

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <!-- Default document configuration -->
    <defaultDocument>
      <files>
        <clear />
        <add value="Default.aspx" />
        <add value="index.html" />
        <add value="index.htm" />
      </files>
    </defaultDocument>
    
    <!-- MIME type configuration -->
    <staticContent>
      <mimeMap fileExtension=".json" mimeType="application/json" />
      <mimeMap fileExtension=".woff" mimeType="font/woff" />
      <mimeMap fileExtension=".woff2" mimeType="font/woff2" />
    </staticContent>
    
    <!-- Compression configuration -->
    <httpCompression>
      <dynamicTypes>
        <add mimeType="application/json" enabled="true" />
        <add mimeType="application/javascript" enabled="true" />
      </dynamicTypes>
    </httpCompression>
  </system.webServer>
</configuration>

URL Rewrite Configuration

<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- HTTPS redirect -->
        <rule name="Redirect to HTTPS" stopProcessing="true">
          <match url=".*" />
          <conditions>
            <add input="{HTTPS}" pattern="off" ignoreCase="true" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" 
                  redirectType="Permanent" appendQueryString="false" />
        </rule>
        
        <!-- Pretty URLs -->
        <rule name="Pretty URLs" stopProcessing="true">
          <match url="^([^/]+)/?$" />
          <conditions>
            <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
            <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
          </conditions>
          <action type="Rewrite" url="page.aspx?id={R:1}" />
        </rule>
        
        <!-- API routing -->
        <rule name="API Routes" stopProcessing="true">
          <match url="^api/([^/]+)/([^/]+)/?$" />
          <action type="Rewrite" url="api/handler.ashx?controller={R:1}&amp;action={R:2}" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>

ASP.NET Core Application Configuration

<configuration>
  <location path="." inheritInChildApplications="false">
    <system.webServer>
      <handlers>
        <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
      </handlers>
      <aspNetCore processPath="dotnet"
                  arguments=".\MyApp.dll"
                  stdoutLogEnabled="false"
                  stdoutLogFile=".\logs\stdout"
                  hostingModel="InProcess" />
    </system.webServer>
  </location>
</configuration>

Security Configuration

<configuration>
  <system.webServer>
    <!-- Security headers -->
    <httpProtocol>
      <customHeaders>
        <add name="X-Frame-Options" value="SAMEORIGIN" />
        <add name="X-Content-Type-Options" value="nosniff" />
        <add name="X-XSS-Protection" value="1; mode=block" />
        <add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" />
        <add name="Content-Security-Policy" value="default-src 'self'" />
      </customHeaders>
    </httpProtocol>
    
    <!-- IP restrictions -->
    <security>
      <ipSecurity>
        <add ipAddress="192.168.1.0" subnetMask="255.255.255.0" allowed="true" />
        <add ipAddress="10.0.0.0" subnetMask="255.0.0.0" allowed="true" />
        <add ipAddress="0.0.0.0" subnetMask="0.0.0.0" allowed="false" />
      </ipSecurity>
    </security>
    
    <!-- Authentication configuration -->
    <security>
      <authentication>
        <windowsAuthentication enabled="true" />
        <anonymousAuthentication enabled="false" />
      </authentication>
    </security>
  </system.webServer>
</configuration>

PowerShell Management Script

# IIS management PowerShell script

# Import WebAdministration module
Import-Module WebAdministration

# Create new website
New-Website -Name "ExampleSite" -Port 80 -PhysicalPath "C:\inetpub\wwwroot\example" -BindingInformation "*:80:example.com"

# SSL certificate binding
New-WebBinding -Name "ExampleSite" -IP "*" -Port 443 -Protocol https
$cert = Get-ChildItem cert:\LocalMachine\My | Where-Object {$_.Subject -like "*example.com*"}
New-Item -Path IIS:\SslBindings\0.0.0.0!443 -Value $cert

# Application pool configuration
New-WebAppPool -Name "ExampleAppPool"
Set-ItemProperty -Path "IIS:\AppPools\ExampleAppPool" -Name processModel.identityType -Value ApplicationPoolIdentity
Set-ItemProperty -Path "IIS:\AppPools\ExampleAppPool" -Name recycling.periodicRestart.time -Value "00:00:00"

# Assign application pool to website
Set-ItemProperty -Path "IIS:\Sites\ExampleSite" -Name applicationPool -Value "ExampleAppPool"

# Log configuration
Set-ItemProperty -Path "IIS:\Sites\ExampleSite" -Name logFile.logFormat -Value "W3C"
Set-ItemProperty -Path "IIS:\Sites\ExampleSite" -Name logFile.directory -Value "C:\inetpub\logs\LogFiles"

Application Request Routing (ARR) Configuration

<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Load Balance Rule" patternSyntax="ECMAScript" stopProcessing="true">
          <match url=".*" />
          <action type="Rewrite" url="http://backend-farm/{R:0}" />
        </rule>
      </rules>
    </rewrite>
    
    <!-- ARR configuration -->
    <proxy enabled="true" />
    <applicationRequestRouting>
      <serverFarms>
        <serverFarm name="backend-farm">
          <server address="192.168.1.10" enabled="true" />
          <server address="192.168.1.11" enabled="true" />
          <server address="192.168.1.12" enabled="true" />
          <loadBalancing algorithm="RoundRobin" />
          <healthCheck enabled="true" interval="00:00:30" />
        </serverFarm>
      </serverFarms>
    </applicationRequestRouting>
  </system.webServer>
</configuration>

Diagnostics and Logging Configuration

<configuration>
  <system.webServer>
    <!-- Custom error pages -->
    <httpErrors errorMode="Custom" defaultResponseMode="ExecuteURL">
      <remove statusCode="404" subStatusCode="-1" />
      <error statusCode="404" path="/errors/404.html" responseMode="ExecuteURL" />
      <remove statusCode="500" subStatusCode="-1" />
      <error statusCode="500" path="/errors/500.html" responseMode="ExecuteURL" />
    </httpErrors>
    
    <!-- Trace configuration -->
    <tracing>
      <traceFailedRequests>
        <add path="*.aspx">
          <traceAreas>
            <add provider="ASP" verbosity="Verbose" />
            <add provider="ASPNET" areas="Infrastructure,Module,Page,AppServices" verbosity="Verbose" />
            <add provider="ISAPI Extension" verbosity="Verbose" />
            <add provider="WWW Server" areas="Authentication,Security,Filter,StaticFile,CGI,Compression,Cache,RequestNotifications,Module,FastCGI" verbosity="Verbose" />
          </traceAreas>
          <failureDefinitions statusCodes="500" timeTaken="00:00:30" />
        </add>
      </traceFailedRequests>
    </tracing>
  </system.webServer>
</configuration>