Installing Windows Internet Information Services (IIS) Manager
Note: It is recommended to follow infrastructure and security best practices when installing IIS, as detailed at https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/iis-best-practices/ba-p/1241577#:~:text=%20IIS%20Best%20Practices%20%201%20Application%20pool,than%20the%20one%20you%20keep%20your...%20More%20
Note: It is highly recommended to implement the Transport Layer Security (TLS) best practices with the .NET Framework to address weak SSLciphers, as detailed at https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls
Note: It is highly recommended to implement the Content Security Policy (CSP) best practices to prevent cross-frame scripting, as detailed at https://docs.microsoft.com/en-us/microsoft-edge/extensions-chromium/store-policies/csp
Note: It is highly recommended to implement Microsoft Security Advisory 3009008 to prevent weak SSL protocols, as detailed at https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2015/3009008
Note: It is highly recommended to implement Request Filtering <requestFiltering> best practices to prevent HTTP method overrides, as detailed at https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/requestfiltering/
-
Install Internet Information Services (IIS) Manager with the following features:
-
Commons HTTP Features/Default Document
-
Commons HTTP Features/Directory Browsing
-
Commons HTTP Features/HTTP Errors
-
Commons HTTP Features/Static Content
-
Heath and Diagnostics/HTTP Logging
-
Performance/Static Content Compression
-
Security/Request Filtering
-
-
Obtain and install a security certificate within IIS Manager. This will typically need to be performed by corporate IT.
Note: Using a security certification is required to use the application.
-
Download and install the version of ASP.NET Core Runtime - Windows Hosting Bundle corresponding to your environment and the Software Compatibility Matrix.