If we wanted to make an ASP site that only users that have
usernames/passwords on internal network could access (both from inside and
outside our office), how would we set up that authentication?

Jim

You need to turn off anonymous logins for the application to force it to
pick up a username and password when people attempt to access the site.

You need to define the users who are going to access the site in the Active
Directory so that they have Windows NT usernames....best way to do this is
to separate the external users into a separate organization in active
directory, so that you can control policies appropriate to external access
separately.  You can then define access privileges on each folder in the
application as you would any normal NT folder and the NT security will
enforce access against the folders as you've defined it.

Chuck

Ok, and how and where would I do this? =)

Jim

Easy. ASP.NET uses the web.config file to determine the authentication provider.
You can use one of several authenticaion providers including: forms
authentication (the user logs in using a form with username and password),
passport authentication (authenticates using MS Passport), and Windows
authentication (basic, digest, or integrated).

You want to use integrated windows authentication. To set this up you need to
add the following line to the web.config file:

<authentication mode= "[Windows]"></authentication>

Then in your code you will need to check access using the
WindowsAuthenticationModule and WindowsPrincipal classes. It's pretty
straightfoward. You can find an example articles here:

http://www.4guysfromrolla.com/webtech/110701-1.shtml

Hope this helps!

Michael G. Emmons