One of the problems with testing ASP applications is that you have to replicate the server directory structure to perform valid tests. However, if you are working on the same server, you can't just put your files in the same places, because they'll overwrite the production copies.
You can, however, create a new web site in IIS, use the same directory structure and configuration, but use a different access port to hit the server. For instance, instead of using the default port 80, which is the live server, use an obscure port like 7654. You can then set up your development area just like the production and not have to worry about people straying in. If necessary, use IIS's security features to restrict hits from domains outside your own.