Our situation:
Our intranet uses WIA (SSO) for employees and a proprietary username/password for non-employees to access the site.
Currently we have a single IIS site set up with our DNS attached to it. It works great and OS credentials automatically log in our staff, which is what we expect, but it is prompting our non-employees (who only access the site off the network) to authenticate against Active Directory, which they clearly cannot.
Both groups can log in via form-based authentication if we set the IIS site to anonymous access, but we really want staff to have the WIA "SSO" experience.
To get around this issue, I realize I can create another IIS site and attach a different URL so each group uses a different URL; however, I'd much rather that everyone use the same URL.
Is it possible to set up 2 IIS sites, attach the same DNS to both, and somehow use IP filtering to say that if a user is on our domain then they get WIA, and if they are off the domain they get the form-based authentication?