You manage a server that runs Windows Server 2008. The server has the Web Server （IIS） role installed. The server hosts an Internet-accessible Web site that has a virtual directory named /orders/. A Web server certificate is installed and an SSL listener has been configured for the Web site. The /orders/ virtual directory must meet the following company policy requirements： Be accessible to authenticated users only. Allow authentication types to support all browsers. Encrypt all authentication traffic by using HTTPS. All other directories of the Web site must be accessible to anonymous users and be available withoutSSL. You need to configure the /orders/ virtual directory to meet the company policy requirements. Which two actions should you perform？（）