they are using IIS5, so it must be Windows Integrated Authentication
run Internet Services Manager, right click on your web application or the default web site to open the Properties page, go to Directory Security tab, click on the first "Edit..." button, uncheck "Anonymous Access", check "Integrated Windows Authentication"