Here is a 4-part series that explains how to set up Mercurial on IIS, using Active Directory for authentication and authorization:
After implementing the security with IIS/AD and Mercurial, Keyring extension can be enabled in TortoiseHg so that you do not have to type in username/password combination every time a request is made to the server. Aside from enabling the extension, add something like this to your repository settings:
username = your_username
default.schemes = http https
default.prefix = your_serwver.local/path_to_hg
default.username = your_username
In [auth] section, "default" refers to the name of the remote repository which is, in this case, default.