There seems to be some confusion online in regards to how you restrict a user based on domain when using Windows Authentication.
It can be done in the config file, in my case it was my Web.Config file.
<authentication mode="Windows" /> <authorization> <allow roles="DOMAINDomain Users"/> <deny users="*" /> </authorization>
Where you see DOMAIN put in the domain you want to allow, leave the user as Domain Users.
You can do this for multiple domains, works a charm!