To determine what resources are accessible to IIS and ASP every session runs in a security context. This context is a particular user impersonated by IIS (typically IUSR_machinename). The User property allows you to determine what user is currently being impersonated.

For further details of Windows security see Microsoft's "Windows NT Security". If you want to run IIS in an isolated process see "Server Reliability Through Process Isolation". Please note that security works differently when running in an isolated process. This is fully covered in the above articles.

Domain property. SetUser method.