<configuration> <system.webServer> <authorization> <deny users="*" /> </authorization> </system.webServer> </configuration>