I had a previous post - https://forums.iis.net/t/1238417.aspx
Solution there was great, worked fine.
But then I noticed one odd side effect.
When I look at Server Variable "auth_user" when I access the specific document (http://server/folder/test.asp) - it pulls the correct identity [the user that is using the browser]. However, if I access it via the default document (http://server/folder) - it pulls the worker processes' ID. The default document is test.asp in this case. Seems like there is a security setting that needs to be applied at the root of the directory - the path and files in it vs just the files. Haven't been able to find the resolution to it.
Thanks.