How to allow access by ip address, with fallback to basic authentication in IIS?
For IIS 7.5 I would consider URL Rewrite. For IIS6, consider ISAPI Rewrite.
Here are the forums for URL Rewrite http://forums.iis.net/1152.aspx
Check out this page for ISAPI Rewrite (http://www.isapirewrite.com/docs/), and search in the page for "Dynamic authentication". They give a walkthrough on how to handle the authentication part.