Hi all,<BR><BR> I have some unusual behavior here that I think is tied to directory security. If I access a website on a machine that has "Anonymous Authentication" only, and then access an ASP.NET site on the same machine that has "Integrated Access" only (using the same browser instance), the pages don&#039;t behave correctly (i.e. the viewstate doesn&#039;t work, handlers don&#039;t get called)<BR><BR>You can repro this in the following way:<BR>1. Create a new ASP.NET website, and add a button and textbox to webform1.aspx<BR>2. Create a directory under wwwroot and add an empty default.htm file into the directory.<BR>3. Make a virtual directory immediately under Default Web Site (in IIS Manager) for the directory created in step 2. Set the access to "Integrated Authentication" Only.<BR>4. Set the access mode for the ASP.NET site to "Authenticated - Allow IIS to manage passwords" (remove Integrated if its checked)<BR>5. Open a browser and navigate to the directory created in step 2. (do not specify the path to default.htm, just specify it to the directory)<BR>6. In the address bar, redirect the website to webform1.aspx of your ASP.NET site.<BR>7. Enter some text and press submit... the text should disappear..<BR><BR><BR>I suspect something relating to my incorrect understanding of IIS security models and how ASP.NET really works. I REALLY REALLY REALLY would appreciate help/Feedback..<BR><BR><BR>Thanks so much!<BR>Jeff