The project I'm working on contains three folder under "Views" folder: Home, Shared, and Data folders.

What can I add to my web.config file to deny everyone access except people with IP address xxx.x.xx.xx?

Essentially, what would be the equivalent of placing a .htaccess file inside the "Data" folder under views with the code:

order deny,allow
deny from all
allow from xxx.x.xx.xx

Is there a way to do this without active directory?

On IIS7 use IPSecurity to restrict by IP address:

<system.webServer>
  <security>
    <ipSecurity allowUnlisted="false">          
       <clear/>
       <add ipAddress="xxx.x.xx.xx" allowed="true"/>  
    </ipSecurity>
  </security>

https://www.iis.net/configreference/system.webserver/security/ipsecurity

Similar topics: Best way to restrict access by IP address?, Internal Server Error with web.config ipSecurity, http://www.victor-ratajczyk.com/post/2011/12/21/Webconfig-ipSecurity-Allow-specific-IP-addresses-Deny-all-others.aspx