I have IIS7 setup with a directory secured using BASIC Authentication only.
The directory is on a network share but only two Active Directory usernames
have NTFS permissions to this folder. One username is for the IIS entry to
have permission to the share. The second username is to be used
externally/publically when visiting the website.
It works great. The username can login fine. But...
So can all the other usernames within Active Directory. I have isolated this
shared folder to only allow these two usernames (both in their own security
groups too), yet every username in AD can login.