I have a web application that needs to call a .NET enterprise service component running in COM+. I only want this web application to be able to call this component, so of course I've turned on component checks and added a role that only contains the ASPNET account.
Friendly neighbourhood monkey
Assuming you're using IIS6, you could create a separate appdomain and have the asp.net worker process run as another account.
I'm pretty sure impersonation would work in IIS 5 (and 6, but probably easier to just run the worker service under a separate account, as mentioned above). Of course, if your COM+ component lives on another box, then you'll need to impersonate an account w/ domain credentials, and enable delegation in addition to impersonation.
One low-key way of handling this is to pass a parameter with some sort of key to the component's constructor or Init method. Throw an exception for anybody that passes the incorrect key.
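Added example, not code from any of the posts above: a C# serviced component that combines the COM+ role check described in the question with the key check suggested in the last reply. The class name `OrderService`, the role name `WebCallers` and the `ORDER_SERVICE_KEY` environment variable are assumptions made for illustration.

```csharp
using System;
using System.EnterpriseServices;
using System.Text;

// Turn on access checks at both process and component level for the COM+ application.
[assembly: ApplicationAccessControl(true,
    AccessChecksLevel = AccessChecksLevelOption.ApplicationComponent)]

// "WebCallers" is a hypothetical role; only the web application's account belongs in it.
[ComponentAccessControl(true)]
[SecurityRole("WebCallers")]
public class OrderService : ServicedComponent
{
    // Assumes no just-in-time activation or pooling, so state survives between calls.
    private bool _authorized;

    // Serviced components need a default constructor, so the key is passed to Init.
    public void Init(string callerKey)
    {
        // Assumption: the expected key is provisioned out of band; an environment
        // variable stands in for protected configuration here.
        string expected = Environment.GetEnvironmentVariable("ORDER_SERVICE_KEY");
        if (string.IsNullOrEmpty(expected) || callerKey == null ||
            !FixedTimeEquals(Encoding.UTF8.GetBytes(expected),
                             Encoding.UTF8.GetBytes(callerKey)))
        {
            throw new UnauthorizedAccessException("Caller key rejected.");
        }
        _authorized = true;
    }

    public string GetStatus(int orderId)
    {
        // The key check supplements the role check; it does not replace it.
        if (!_authorized || !ContextUtil.IsSecurityEnabled ||
            !ContextUtil.IsCallerInRole("WebCallers"))
        {
            throw new UnauthorizedAccessException("Caller not authorized.");
        }
        return "order " + orderId + ": ok";
    }

    // Compare every byte so timing does not reveal how much of the key matched.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++)
            diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```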