Passing RoleProvider roles to Classic ASP

23. August 2008

I struggled for a couple of days trying to work this one out. In short, we have a system which places a .NET veneer on top of ASP Classic to provide security. The trick in this scheme is to add a wildcard mapping that points to the 2.0 aspnet_isapi.dll so that all requests are routed through .NET. Now, if you are using XP/2003 only, then one solution for passing the roles to ASP Classic is to add a custom header in a .NET HttpModule. Unfortunately, in IIS7 (and thus Vista), it does not appear that you can add custom headers once you have the User principal instantiated. Ideally, you'd be able to do this in the PostAuthorize event but alas, it is not to be.

I tried numerous approaches and nothing seemed to work. In the end, the solution was to create an HttpModule that wrote the username in plain text in a new cookie in the Response, and to read that cookie from ASP Classic and use it to query for the Roles. Theoretically, the (more) ideal solution would be for ASP Classic to decrypt the FormsAuthentication cookie. However, to do that, you must read the site's Web.config file or the Machine.config file for the decryption key (and encryption algorithm). I had toyed with the idea of writing a .NET COM component that would do this, but it would still be a bear and I ran into issues getting the COM component to instantiate in ASP Classic (i.e. Server.CreateObject would sporadically throw an error).
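A sketch of such a module, as an added example rather than the module from this post: a cookie comes back from the browser, so this variant writes the username with an expiry and an HMAC-SHA256 tag, letting the reader confirm that the module issued the value. The cookie name `AspBridgeUser`, the `AspBridgeKey` appSettings entry (base64 of 32 random bytes) and the choice of `PostAuthenticateRequest` are assumptions, and the Classic ASP side is assumed to have an HMAC-SHA256 routine so it can repeat the `Verify` logic before querying for roles.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;

public class SignedUserCookieModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        app.PostAuthenticateRequest += delegate(object sender, EventArgs e)
        {
            HttpContext ctx = ((HttpApplication)sender).Context;
            byte[] key = Convert.FromBase64String(System.Configuration.ConfigurationManager.AppSettings["AspBridgeKey"]); // hypothetical setting
            HttpCookie c = new HttpCookie("AspBridgeUser");   // hypothetical cookie name
            c.HttpOnly = true;                                // only server-side code reads it
            c.Secure = ctx.Request.IsSecureConnection;
            if (ctx.User != null && ctx.User.Identity.IsAuthenticated)
                c.Value = Issue(ctx.User.Identity.Name, DateTime.UtcNow.AddMinutes(20), key);
            else
                c.Expires = DateTime.UtcNow.AddDays(-1);      // clear a stale value after logout
            ctx.Response.Cookies.Set(c);
        };
    }
    public void Dispose() { }
    // Cookie value: url-encoded user | expiry ticks (UTC) | hex HMAC-SHA256 of the first two fields.
    public static string Issue(string user, DateTime expiresUtc, byte[] key)
    {
        string payload = HttpUtility.UrlEncode(user) + "|" + expiresUtc.Ticks;
        return payload + "|" + Tag(payload, key);
    }
    // Returns the username, or null when the tag does not match or the value has expired.
    public static string Verify(string value, DateTime nowUtc, byte[] key)
    {
        string[] f = (value ?? "").Split('|');
        if (f.Length != 3 || !SameText(Tag(f[0] + "|" + f[1], key), f[2])) return null;
        if (!long.TryParse(f[1], out long ticks) || ticks < nowUtc.Ticks) return null;
        return HttpUtility.UrlDecode(f[0]);
    }
    static string Tag(string payload, byte[] key)
    {
        using (HMACSHA256 h = new HMACSHA256(key))
            return BitConverter.ToString(h.ComputeHash(Encoding.UTF8.GetBytes(payload))).Replace("-", "");
    }
    static bool SameText(string a, string b)   // compares every character, no early exit
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```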
