To restrict access to a folder or site on your IIS web server:
Log in to the server and open the IIS Manager (MMC).
Navigate to the site or folder you want to protect.
Right-click on the site or folder, then choose Properties.
Go to the Directory Security tab.
Under Authentication and access control, click the "Edit" button.
Uncheck the "Enable anonymous access" option.
This ensures that users will be required to provide credentials.
Click OK to save the changes, then OK again to close the properties window.
Now, when visitors try to access the directory, they will be prompted to enter a username and password. By default, valid FTP credentials will work for access