I decided that option:
somebody (guest, not user) wants enter our store, writes our IP in browser. When server answered, it give user an window in browser - "please, enter your name" and guest enter his name. We look this name and click YES or NO - if NO, user see 404 or 403 error, and if yes - look through our store.
It was for guests. Registered (allowed) users when goes to store, entering theirs login and password and go into without our confirmation.
Sorry for my english.