I'm going on a roadtrip to Europe for two weeks to present a 1 day class on IIS 7! There are actually two teams of two and I'm on the 2nd team leaving in two weeks for two weeks. (see http://blogs.iis.net/rickjames/archive/2007/05/06/iis-7-talks-reykjavik-and-london.aspx). This is going to be fun! Or course, getting the content together is part of the gig and that's a challenge as I am really hard nosed about getting it right. My style is a lot more informational and less marketing focused than some would like, but my belief is that if have a good product, you don't need a lot of hype. And IIS 7 is a good product.

As I study some of the demos we're doing and talk to the IIS program mangers, I learn more about some of the stuff under the covers that isn't getting a lot of press. Security is one of those topics and as luck would have it, is my particular most interested topic. Imagine that.

Did you know that IIS 7 has built in a new feature called URL Authorization that allows you to restrict access to content without using file permissions? You can simply entire a rule in the UI or directly in the .config file that says deny user="Bob" and Bob will be denied access. The cool part of this is that if you copy the content to another server (and this feature is delegeated), then your security rules move with the content. Think about that for bit. No more managing NTFS permissions on a per sever basis. You could just assign permissions for the worker process identity to have access to the content (and maybe the IUSR account <maybe? Yes maybe. You can tell IIS 7 to use the worker process identity for anon access!).

This is huge and it works with any content, not just .NET.

Just one of the many new security features built into IIS7 we'll be showing on the roadshow. I'm so psyched about the new security improvements that I'll be posting some screencasts on channel 9. But hey, you don't need to wait. It's not a special builld or anything. URLAuthorizatin is in Beta 3 Just download beta3 and check it out for yourself!

http://www.iis.net/articles/view.aspx/Managing-IIS7/Configuring-Security/URL-Authorization/Understanding-IIS7-URL-Authorization?tabid=1

http://www.microsoft.com/windowsserver/longhorn/audsel.mspx

I'll be posting pictures, quotes and details from the trip so stay tuned.