Using ASP code, you can implement more specialized security for your site. For example, say some annoying users plague your site. Because their IP addresses can be pulled from the server activity logs, you could use the following code to deny access:
<%If request.servervariables("REMOTE_ADDR") = "126.96.36.199" then
Response.Buffer = TRUE
Response.Status = ("401 Unauthorized")
There are many variables available within an Active Server Page that supply information about the browser making the request, as well as the information about IIS itself. The LOGON_USER command, for example, will return the Domain\Username of authenticated users, and a blank for anonymous users. You could then use server-side code to check for specific individuals, and redirect them to other pages.