We need to understand what resources are available to your IIS application; how it handles content files of different types, such as static files, ASP files, or ISAPI files; and how it groups content files into applications. An introduction to the client/server relationship is included for first-time readers unfamiliar with web servers.

IIS 7 and later provide a request-processing architecture. We get the following additional benefits of request processing, since the default configuration monitors each request and validates implemented security rules:

• The Windows Process Activation Service (WAS), which enables sites to use protocols other than HTTP and HTTPS
• A web server engine that can be customized by adding or removing modules
• Integrated request-processing pipelines from IIS and ASP.NET

We require an up-and-running IIS 10.0 instance. Security components should be installed. You should have administrative privileges.

Now, we are going to review the components and modules.

1. Start Server Manager on Windows Server 2016, which already should have IIS 10.0 installed on it.
2. Go to the Tools menu at the top.
3. You will be able to see Internet Information Service Manager (IIS).

4. Click on IIS Server, which is to the left-hand side of the IIS Manager window, as shown here:

5. In the Server Manager panel, you will see the list of default components installed. You can configure them as per your requirements. For example, you can configure security and management options.
6. Let's understand where the modules are. In the previous figure, you will see the icon called Modules, which will open the default configuration at this stage.

7. Double-click on Modules, and you will get the list of modules available in IIS 10.0:

8. All the modules are by default configured to native mode. We can reconfigure them as per our application requirements.

The combination of components and modules helps us implement application request processes and security settings quickly.

Let's discuss the components and modules available in IIS 10.0 Server in detail.

Let's observe HTTP requests of IIS 10.0 IIS 7 and later versions have an HTTP request-processing flow similar to that of IIS 6.0 and below.

1. When a client browser initiates an HTTP request for a resource on the web server, HTTP.sys intercepts the request.
2. HTTP.sys contacts Windows Activation Service (WAS) to obtain information from the configuration store.
3. WAS requests configuration information from the configuration store, applicationHost.config.
4. The World Wide Web Publishing Service (WWW Service) receives configuration information, such as application pool and site configuration.
5. The WWW Service uses the configuration information to configure HTTP.sys.
6. WAS starts a worker process for the application pool to which the request was made.
7. The Worker Process processes the request and returns a response to HTTP.sys.
8. The client receives a response.

In a worker process, an HTTP request passes through several ordered steps, called events, in the Web Server Core. At each event, a native module processes part of the request, such as authenticating the user or adding information to the event log. If a request requires a managed module, the native Managed Engine module creates an AppDomain, where the managed module can perform the necessary processing, such as authenticating a user with Forms Authentication. When the request passes through all of the events in the Web Server Core, the response is returned to HTTP.sys. The following figure shows an HTTP request entering the Worker Process: