This is a multi-part message in MIME format.

------=_NextPart_000_00F0_01C1FB84.1B176F20
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I am about to implement the ASP.NET into my running project....and have 
few questions...

My web server (win 2000 server) has IIS lock down tool...After 
installing .net there is ASPNET user their.

Should we add ASPNET into Web Application group that IIS lock down tool 
made?

It seems that if ASPNET user has no access to my web folder, asp.net 
doesn't work.
What about virtual hosting scenario? Where IUSR_ (web anonymous group of 
iis lock down) fits in? We have users (web anonymous group member) and 
each web is running under their own users and each user has only access 
to their web folder. Giving ASPNET user access to all home folders, will 
definitely be a security risk. Comments?

I am administring a portion of complete web site, a sub web...and my 
team lead is not yet ready to port the whole site to asp.net...my sub 
web gets parameter, like logged-in user and other parameters (used for 
inter sub web authentication) over session variables, and exposing the 
variables over query string is not feasible. Whats the best practice to 
import partly or completly session variables of asp 2/3 to asp.net?
Query string is not feasible....
How about COM which gives ASP's session variables and using inter-op in 
asp.net?

Regards