Hi,
This is really an ASP (and/or a IIS/IE question), so I doubt if you will get any helpful replies on a
Java Servlet forum.
I would recomend that you look at web application security as implemented by WebSphere -- it will probably help you to understand your problem, and give you some ideas on how to implement something in
JSP.
I expect that integrating IIS and ASP into a pure Java system will be far more effort, and give you a less reliable system than using what WebSphere gives you out-of-the-box.
If you really want to use ASP, then you probably need to find an ASP forum, rather than a Servlet forum.