I use IIS 7.5 on windows 7 to serve my asp.net websites for testing purposes. In order to stop random people viewing my websites I want IIS to require a username and password before it will serve anything.

I have tried disabling Anonymous Authentication and enabling Windows Authentication on the application but when I type my windows credentials in it doesn't work.

Can somebody explain a simple way of doing this?

You need "Basic Authentication":

1. Open Internet Information Services (IIS) Manager:

   • If you are using Windows Server 2008 or Windows Server 2008 R2:

     On the taskbar, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

   • If you are using Windows Vista or Windows 7:

     On the taskbar, click Start, and then click Control Panel. Double-click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.

2. In the Connections pane, expand the server name, expand Sites, and then click the site, application or Web service for which you want to enable basic authentication.

3. Scroll to the Security section in the Home pane, and then double-click Authentication.
4. In the Authentication pane, select Basic Authentication, and then, in the Actions pane, click Enable.
5. In the Authentication pane, select Anonymous Authentication, and then click Disable in the Actions pane.

quoted from Basic Authentication How To

With Colin's anwser, don't forget to install "Basic Authentification" feature in the Roles and Features Assistant : "IIS > WebServer > Security"