After securing the environment, you can now look to secure your IIS 8.0 server itself. There are several configuration options in IIS 8.0 that can be used to restrict access or deny certain types of requests without any knowledge of who the end user is. These configuration options are the focus of this security chapter.
Chapter 14, “Authentication and Authorization,” examines how to provide protected access to resources based on who the end user is. This covers authentication technologies (such as Basic, Digest, and Kerberos authentication) as well as authorization configuration (how to configure access to resources to permit only certain users access), and also information on the various identities that are used by IIS 8.0 internally to provide access to functionality.