Access in IIS
In a Nutshell - CIW Course Section 3, Part A1, Chapter 8
Access Methods in IIS
By default IIS permits anonymous access to your web site. This allows any user to open the files or pages on your site. Behind the scenes, it is actually using the account of IUSR_SERVERNAME to gain access to the server resources.
Using Basic Authentication has some drawbacks. Firstly, it is not secure as username and passwords are transferred to the server with plain text. Secondly, the user must have a local account on the server.
Integrated Windows Authentication is an improvement. This encrypts the username/password before transmission and the login dialog includes the option to specify a domain for the user. This has the advantage that, if the server is being used for an Intranet then any user logged on to the network receives seamless access as they are already authenticated.
I know nothing about Digest Authentication. I have never needed it nor ever tried it out.
Access by IP Address
From the Directory Security tab in the Default Web Site's properties dialog, click the Edit button in the "IP address and domain name restrictions" section.
From this dialog you can grant or deny access to the Web Site. If you have granted access to all, the exclusion list will deny the specific addresses. If you have denied access then the listed addresses will be granted access.