Im setting up a combined website and extranet currently, they both read from the same database on the same server as the site is hosted on. The reason being that the website is fed from the data that the staff plug into the extranet interface. it also links in to AD for authorising access to the extranet.
I have the extranet in a folder within the website folder.
What I want to do is only allow the extranet to be accessed from computers within our LAN, but allow the main website to be freely accessible to internet users.
I have it set up as a generic web server currently, so anyone can view anything (well up to the point where the user is asked to log into the extranet of course!
I have read a lot on this but nothing I read applies to, or works in IIS7.5
Have you checked out the IIS 7.5 "IPv4 Address and Domain Restrictions" feature to restrict traffic by IP address. You can apply this on a folder by folder basis, like you mentioned. -Chris