Setting up basic auth in IIS 7 for a specific sub-directory

Add the following in web.config under < connectionStrings />: In IIS make sure anonymous authentication is enabled, and basic authentication is disabled.
<!-- restrict api help with AD basic auth -->
<location path="help">
  <system.web>
    <authorization>
      <deny users="?" /> <!-- deny anonymous users -->
    </authorization>
  </system.web>
  <system.webServer>
    <security>
      <authorization>
        <remove users="*" roles="" verbs="" />
        <add accessType="Allow" users="" roles="ApiUsers" />
      </authorization>
      <authentication>
        <basicAuthentication enabled="true" />
      </authentication>
    </security>
  </system.webServer>
</location>