You may want to check out a two-part Webcast series tomorrow and Friday that discusses the subject:
MSDN Webcast: Getting Delegation to Work with IIS and ASP.NET: Ins and Outs of Protocol Transition (Part 1 of 2) (Level 300) (Thursday, Feb. 10th, 1-2pm PST)
MSDN Webcast: Getting Delegation to Work with IIS and ASP.NET: Ins and Outs of Protocol Transition (Part 2 of 2) (Level 300) (Friday, Feb. 11th, 11am-12pm, PST)
Here's the description:
Internet applications depend on a presentation layer that communicates with server-based components. These components can be ISAPIs, COM+ objects, or ASP.NET applications. This webcast explains how to produce a robust application that is also configured for enhanced security. The topics include using Basic or NTLM authentication and transitioning those authentication methods to a back-end SQL server running Microsoft SQL Server 2000.