Prior to ASP.NET 2.0 and IIS 6, your options for integrating authentication and authorization rules between ASP.NET and classic ASP were limited. You could write awkward redirection-based logic that moved data around on query-strings, or you could invest a fair amount of effort attempting to wrap ASP.NET functionality inside of a web service.
With IIS 6 and ASP.NET 2.0, extra logic was added to the runtimes of both products that finally made it easier to integrate the ASP and ASP.NET environments. IIS 6 added a new feature called wildcard mappings that allow arbitrary ISAPI extensions to participate in the request lifecycle of any resource. This allows you to route all .asp requests to ASP.NET. ASP.NET 2.0 includes the necessary logic to recognize when wildcard mappings are being used. Unlike earlier versions of ASP.NET, ASP.NET 2.0 will route a request to IIS 6 for further processing.
The combination of IIS 6 wildcard mappings and ASP.NET 2.0's DefaultHandler means that you can now use ASP.NET authentication and authorization in conjunction with a classic ASP site. The basic steps necessary to enable this integration are:
Use wildcard mappings to route all .asp requests to the ASP.NET ISAPI extension.
Add some .aspx pages to your classic ASP application. The basic ASP.NET page that you will need is some kind of login page.
Although the ASP and ASP.NET pages all live in the same directory structure, you can still add a web.config file into this structure for the ASP.NET ...