Is it possible to make part of a site on IIS only viewable from localhost?

Question

We\'ve got a webserver running IIS. We\'d like to run maybe a shared blog or something to keep track of information. Because of security issues, we\'d like for that part to

Answer 1

I agree with the recommendations to use IIS "Directory Security" to block all IP address except 127.0.0.1 (localhost).

That said, I'm wondering how this strategy of requiring users to remote in could possibly be more secure. Wouldn't it be more secure (as well as much simpler) to use standard IIS authentication mechanisms rather than have to manage Windows roles and permissions on the server machine?