Difference Between Windows IIS 6.0 And IIS 7.0
IIS6.0
1.HTTP.sys was a HTTP-specific protocol listener for HTTP requests.
2.IIS 6.0 makes use of centralized configuration store
3.In IIS6.0, IIS would examine the request and perform its authentication routines and then afterwards pass it to ASP.NET so it could do a similar task.
IIS7.0
1.HTTP.sys remains the HTTP listener in IIS 7.0, but includes support for Secure Sockets Layer (SSL).To support services and applications that use protocols other than HTTP and HTTPS, you can use technologies such as Windows Communication Foundation (WCF).
2.The old centralized configuration store is replaced with new delegated configuration system based on a hierarchy of distributed XML configuration files. There are parent level and child level configurations and the parent level configuration can allow or deny changes to parent level settings at child level or all parent level settings can be inherited at the child level.
3.There is unified model to produce a new robust pipeline that provides the best of the both older models. IIS still supports all the old authentication protocols but also now supports forms authentication which can protect against all content types and does not rely on Windows accounts. This is great and I like this change. Passport authentication is not supported.
-------------------------------------------------------------------------------------------------------------
Internet Information Services (IIS) is the second most popular Web server application available, beat out only by Apache HTTP Server. It was created by Microsoft for use with Windows (both clients and servers). When Windows is installed, IIS is not turned on by default. It must be selected from optional features. IIS 6.0 is available with Windows Server 2003 and XP Professional. IIS 7.0 comes with Windows Server 2008 and Vista.
Architecture:
One of the main advantages of IIS 7.0 over 6.0 is the new modular architecture. Modules, units of code that perform authorization, authentication, logging and more, can be plugged in or out as needed. The server can be more lightweight because there is no need to install a feature, or module, unless it will be used. Administrators will be able to manage their environment easier. Developers will be able to create the optimum environment for their needs. Additionally, many hosting companies support the Microsoft URL Rewrite Module, which provides a way to perform redirects, send responses and abort requests based on customized rules. There are over 40 different modules that are available for installation during the IIS setup process.
Integration:
Before IIS 7.0, ASP.NET integrated with IIS by using an ISAPI extension. This essentially created two server pipelines, a pipeline within a pipeline, one for native ISAPI components and one for ASP.NET and other managed application components. IIS 7.0 provides a unified pipeline where native and managed components exist as modules. All modules, native and managed, can equally register for events in the pipeline. This also allows for a single point of administration for implementation, configuration and monitoring of all modules and server features. For those who are uncomfortable with or confused by this new integrated mode, IIS 7.0 still supports a classic mode, which is the same pipeline configuration as IIS 6.0. In classic mode, the ASP.NET pipeline runs entirely within the IIS pipeline.
Security:
IIS 7.0 supports both the IIS 6.0 authentication protocols and a new forms authentication. Forms authentication does not depend on Windows accounts and protects access to all types of content. IIS 7.0 offers two authorization solutions. The main difference being the way the authorization rules are processed. The newest model processes rules in order of child, parent, then grandparent. The old ASP.NET authorization process rules exactly the opposite. SSL host headers have been moved into the HTTP.SYS store. This allows SSL Certificates to be added to the server rather than the site, making it easy to deploy one certification to multiple sites. IP Restrictions are precisely the same in IIS 6.0 and 7.0. The only change is a new property, allow Unlisted, which makes for a simpler process when configuring global security policies.