[DaiPlusPlus]

IIS can be configured by non-expert users easily, and without necessarily compromising security, thanks to the well-designed (I’m being serious) administration tools that MS has (thankfully) not butchered-up over the past 15 years.

It’s an “old-world” web-server (like Apache, etc) which defaults to “filesystem-first” which is great for quickly making a directory available on the web, and its architecture employing recyclable worker-processes (since IIS 6) with limited privileges gives it the performance benefits of in-proc code-execution (vs CGI/FastCGI) without the risk of a vuln compromising the entire web server. Oh, and HTTP.sys is pretty nice and fast too. I’ve never had reliability or crashing issues with IIS: if your worker-process goes down it means your application code has a crashing bug in it, not IIS.

Yeah, nginx is nice - but is also a relatively recent tool (since 2004, I didn’t start seeing people prefer it for projects until after NodeJS gave them a reason to use it - so around 10 years ago). While nginx supports Windows, there’s a big fat caution saying it’s performance is sub-par still: https://nginx.org/en/docs/windows.html

So if you’re on Windows - because you’re a (non-Linux) .NET shop, or want/need to run on on-prem Windows Server boxes (especially SMB scenarios) it just makes sense to use IIS: it’s already there and certainly is not an underperforming, insecure, or otherwise “bad” web-server.