IIS7 basic authentication to protect a site that uses forms authentication

This should be much simpler than it has proven to be!

I have an ASP.Net web app which uses FORMS authentication to secure part of the site (i.e. the member login area).

Now I simply want to put a traditional/simple browser password popup (directory security) across the whole site because we are testing it and don't want anyone to stumble across the site and see the unfinished version etc!

This used to be super simple in older IIS versions.

I have "installed basic authentication" (as IIS7 doesn't come out of the box with this now). But when I enable it, it tells me that I can't have that enabled at the same time as any redirect based authentication (which is what my FORMS authentication uses).

So that's just stupid.

There has to be a super simple way to simply put a cheap popup password across the whole site without impacting on the other authentication method that you have setup inside web.config for the actual application.

Many thanks..

UPDATES
IP access restrictions are no good for a couple of reasons:
– My IP is dynamic and therefore constantly changing.
– I don't want to bother anyone that needs to see the site by asking them to bring up a console on their machine and work out their IP address or check their router etc. Many of them are non-technical business users and it will take them an hour to work out their IP address.
– Both basic auth and windows auth don't allow the underlying forms authentication to remain in place underneath.

What we seem to have here is a massive case of Microsoft trying to over-engineer things and as a result a super simple age-old requirements is no longer possible or easily achieveable. This has to be possible somehow… ANYONE???