A: 

DefaultHttpHandler is not supported, so applications relying on sub-classes of DefaultHttpHandler will not be able to serve requests If your application uses DefaultHttpHandler or handlers that derive from DefaultHttpHandler, it will not function correctly. In Integrated mode, handlers derived from DefaultHttpHandler will not be able to pass the request back to IIS for processing, and instead serve the requested resource as a static file. Integrated mode allows ASP.NET modules to run for all requests without requiring the use of DefaultHttpHandler.

Workaround

Change your application to use modules to perform request processing for all requests, instead of using wildcard mapping to map ASP.NET to all requests and then using DefaultHttpHandler derived handlers to pass the request back to IIS.

Hmmm, or this could be the issue.

ASP.NET modules in early request processing stages will see requests that previously may have been rejected by IIS prior to entering ASP.NET, which includes modules running in BeginRequest seeing anonymous requests for resources that require authentication ASP.NET modules can run in any pipeline stages that are available to native IIS modules. Because of this, requests that previously may have been rejected in the authentication stage (such as anonymous requests for resources that require authentication) or other stages prior to entering ASP.NET may run ASP.NET modules. This behavior is by design in order to enable ASP.NET modules to extend IIS in all request processing stages.

Workaround

Change application code to avoid any application-specific problems that arise from seeing requests that may be rejected later on during request processing. This may involve changing modules to subscribe to pipeline events that are raised later during request processing. http://learn.iis.net/page.aspx/381/aspnet-20-breaking-changes-on-iis-70/

notandy
Great link, although I don't believe I'm encountering any of those issues. I'm working with a module, not a handler, and the event I'm monitoring is the authentication event. Although it's possible this explains why I'm seeing it twice, it doesn't explain why the http info is lost (ex. form vars).
tlianza