Recently I read an EPiServer forum post about securing EPiServer edit and admin mode. If I understood the post correctly then there is a public facing EPiServer site, using the standard SQL providers. The requirement was to prevent access to edit and admin mode to all but a restricted set of IP addresses.
If you want to skip the long descriptions and prefer a list then simply skip to the list at the bottom of the page.
I was setting up windows authentication for an EPiServer site on my development machine. The requirement was simple: have a windows authenticated site, with no anonymous access and therefore no log in. It was a fairly new build and I'd not used the windows membership and role providers before on this particular machine. There turned out to be quite a few steps in the end so I thought I'd write about them here. All steps are designed for Windows 7 / IIS7.x but can easily be replicated on previous versions of Windows.