Microsoft Regional Director (and friend) Steven Smith has a great talk about ASP.NET performance tips - I've seen the presentation probably a handful of times already, and always seem to walk away with something new to try that I didn't quite "grok" previously.
But, here's one additional tip that I can offer that is easily overlooked, yet very important for enterprise development.
Enterprise web applications (at least in my world) tend to use Integrated Security in order to provide Single Sign-On capability (i.e., automatically authenticating the user according to their Active Directory credentials). As such, Anonymous access to the web application is usually disabled directly in the metabase using the IIS MMC. But, with sites that use a lot of small images, there's a serious performance hit that you take when Anonymous access is disabled!
A web browser will always try to submit a request anonymously. In the case that I described where Anonymous access is disabled, the web server will generate a 403 response (and include a list of possible ways that the client can authenticate itself). The web browser will then either prompt the user for credentials, or in the case of using Internet Explorer in the Intranet Zone with an application protected by Integrated Security, will automatically provide a response to the NTLM challenge. The point being that it takes two separate requests for each resource (not to mention a higher computational cost, since there's a challenge/response included). Multiply this by however many little images your page might have, and your load time increases significantly.
Just today, I was asked to diagnose a load-time issue for a 3rd party web application that my client uses. The site looks nice because it uses little images all over the place - to the effect of hundreds per page! But, the price of these aesthetics was really aweful load times, especially over a VPN connection.
For images and other resources that do not necessarily need authentication, you can get an immediate performance improvement by enabling Anonymous access to the resource directories/files themselves (leaving Anonymous access disabled for the rest of the application).