I have an IIS 7.5 website that I want to allow anyone coming in from the internet to require a password before they can view the site (Basic Authentication), whereas anyone coming from internal network should not need a password.
How would I go about this?
There are a couple of different methods for this. Since this system is not on a domain, you can't take advantage of integrated security like AD.
That said, if the websites are hosting primarily static data, you can create 2 copies of the site, with 2 different IP's, and then simply setup authentication for the public site, and leave the private wide open.
So in effect, you have a PUBLIC site, and a PRIVATE site, but both point to the same root directory. That's the quick and easy way since you have easy authentication mechanism like Active Directory to filter requests.