It looks like IIS is giving you secure cookies over your HTTPS connection, which is very sensible indeed. These cookies are designed not to be leaked to a plain HTTP connection, hence the result you get.
You could create a secondary, non-secure cookie to pass some authentication information to the HTTP side of your site. However, once you've done this, don't assume that whatever was done or sent during the plain HTTP session was done by the legitimate authenticated user, if at some point you need to go back to HTTPS. It can be OK to pass an authentication token from HTTPS to HTTP, but not the other way. (You'd still be vulnerable to attacks in plain HTTP of course, but this may be an acceptable risk in your application.)
There's more about this problem in this question (what applies to Tomcat would be the same with any web server, including IIS): Tomcat session management - url rewrite and switching from http to https