Simple config which is obvious when you remember and dont forge :-) This allows all users access your website but also allows you to check via your code or other custom authentication their right to access it.

      <authenticationmode="Windows">

      </authentication>

      <authorization>

        <allowusers="*" />

        <denyusers="?" />

      </authorization>

      <anonymousIdentificationenabled="false" />

You will get the username etc and will be able to take actions you desire.

Hopefully might come in handy for someone who forgets!