I had a need to put together a directory browser, and IIS7 and 8 provide the old standard looking listing (I think it's been the same since IIS 3 on NT).
I looked around and found Mike Volodarsky had written an HTTP module for ASP.Net to do exactly this; the comments on the web page are extensive, and unfortunately editing comments is not permitted; so here are roughly the same comments I posted there about fixing some minor issues / answering questions / updating the output:
1. The List declaration uses generics, so use this instead of the List Hidden = new List() declaration:
ArrayList Hidden = new ArrayList();
2. You can exclude files by adding to the Hidden collection - for example, I am hiding files named AlbumArt_(anything)_Large.jpg and AlbumArt_(anything)_Small.jpg:
if ((entry.FileSystemInfo.Attributes & FileAttributes.Hidden) == FileAttributes.Hidden)
else if (entry.Filename.StartsWith("AlbumArt_") && (entry.Filename.EndsWith("_Small.jpg") || entry.Filename.EndsWith("_Large.jpg")))
3. Add style="vertical-align: middle;" to the IMG tag on line 122;
4. Update dirlisting.aspx so that the   on line 124 has a semicolon
5. Line 122 of the original DirListing.aspx: Update the section which currently reads <%=HttpRuntime.AppDomainAppVirtualPath %> to instead read <%= (HttpRuntime.AppDomainAppVirtualPath=="/"?"":HttpRuntime.AppDomainAppVirtualPath) %> to avoid double-forward slashes in the path to geticon.axd (if it's declared at the root of the website instead of its own application).
6. Folder icons where the folder name has an embedded period - requires a change to two places in dirlisting.aspx. First, line 122 has this by default:
Because only the path is passed to the function, it can't tell the item is a folder. Instead, we need to pass the item as a parameter and work out within the GetExtension function whether it's a folder or a file. It looks like that's compiled code - so will need to be rewritten within the ASPX page. The basic approach - call a helper function that deduces whether it's a folder or not, and then calls the existing icon code. That way we don't need to hack away at the compiled code. Check out the attachment for the working fix.
For those seeking ACL support, the code would have to impersonate the logged on user or use the APIs that allow Windows Explorer to do calculation of effective rights. It most probably can't be done in the ASPX (at least, not efficiently).
Attached is my heavily revised dirlisting.aspx file. This file is put into the public domain - although as a derivative work, you should check the original source file license. But as far as I'm concerned you may do with it as you wish.