Hi BassKahuna, first of all Welcome to WebmasterWorld!
Apache and IIS are differently organized. In Apache all settings are controlled via the httpd.conf and .htaccess files. In IIS part of the settings are controlled by the operating system.
If you want to apply rewrite rules to URLs, the most Apache-compatible solution is to use ISAPI Rewrite. Authentication which is also controlled by the .htaccess file in Apache is controlled in ASP by the web config file. More information about that can be found here [msdn.microsoft.com].
Thanks for the info... we're an electrical distributor / wholesaler based in the midwest, and are not currently or looking at any time in the future to accept orders or customers outside of the U.S.A. So I'm looking for a way to simply block the IP's of all other countries to prevent the RFQ's we keep getting in to our sales folks from international customers. I've been blocking out individual IP's from certain countries when I find them crawling our site and ignoring our robots.txt file, but was looking for a simpler, more elegant solution than having to enter all these IP address in to IIS one at a time.