Restrict Login Attempts using IIS Authentication

How can I restrict the number of login attempts for our website hosted on IIS? Currently we're using Basic authentication but I'm open to using other authentication methods on IIS.

I've looked at AspNetCoreRateLimit, however it appears that only helps restricting login attempts by IP address. I prefer all IPs to be able to attempt to authenticate and rate limit login attempts then take any action following failure.