Web.Config & URL Authorization
If you are making the change to IIS 7 and you use your web.config file to control access there are a couple things you need to know.
This is known as URL Authorization and has changed a little from the older versions of IIS. In the past we could just make sure the site was set to integrated authentication and then set our web.config authentication mode with authroization allow/deny settings and be happy.
I have been learning the hard way there is a bit of a change for those using IIS7 or better. To explain it best I will simply use a couple links to the information I have found.