Hello All,
I have a client who wants to use Active Directory to control access to an ASP application on a worldwide network which I guess has a large number of domains. Now I'm definitely not an expert in networking and Windows 2000 and I can't seem to find this kind of situation clearly explained anywhere.

Here's how I imagine it might work:
1. Client browser opens ASP page, code in ASP page creates an object which extracts the domain (checking domains from a preset list), user name and the groups that the user belongs to within their Windows 2000 domain. (without the user having to log on for a second time - as long as they are logged onto a recognised domain)
2. This info from Windows 2000 is turned into variables to be used by ASP. ASP then controls what the user sees and can do within the site. (using a lookup to a database)

I suspect that this customer is thinking in a directory tree style way - like a static html site might use. Unfortunately, it seems difficult to apply this to ASP since one page can do lots of different things depending on which variables you feed in.

Also... within this system, there is a file upload utility, which isn't too difficult to work out. Only for this, they want to use Active Directory to control access privileges as well. For example if you don't belong to the 'Accounting' group on the Windows 2000 domain, you can't upload files. But, as far as I know, if we are using a browser looking at a page served up by IIS, then we can only access that folder as an internet user. Is this right?
I've already had a look at the article "How to Validate a User Exists in a Windows Domain" - but I'm still not so sure.
Can I do this easily with ASP? Is it practical?
Would appreciate any advice!
Thanks
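
The flow imagined in steps 1 and 2, together with the 'Accounting' upload rule, written as a classic ASP page (an added example, not part of the original post). It assumes anonymous access is disabled and Integrated Windows authentication is enabled for the page in IIS, and that the web server is allowed to query the user's domain through ADSI; the domain list and the `CanUpload` session key are hypothetical.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' Hypothetical preset list of trusted NetBIOS domain names, "|"-delimited.
Const ALLOWED_DOMAINS = "|EUROPE|ASIA|AMERICAS|"
Const UPLOAD_GROUP = "Accounting"

Dim logonUser, parts, domainName, userName

' IIS fills LOGON_USER as "DOMAIN\user" once the browser has authenticated.
' It is empty when the request was served anonymously.
logonUser = Request.ServerVariables("LOGON_USER")
If InStr(logonUser, "\") = 0 Then
    Response.Status = "401 Unauthorized"
    Response.End
End If

parts = Split(logonUser, "\", 2)
domainName = UCase(parts(0))
userName = parts(1)

' Step 1: accept only users from a recognised domain.
If InStr(ALLOWED_DOMAINS, "|" & domainName & "|") = 0 Then
    Response.Status = "403 Forbidden"
    Response.End
End If

' Returns True when ADSI lists groupName among the account's groups.
Function IsMemberOf(dom, usr, groupName)
    Dim adsUser, grp
    IsMemberOf = False
    Set adsUser = GetObject("WinNT://" & dom & "/" & usr & ",user")
    For Each grp In adsUser.Groups
        If StrComp(grp.Name, groupName, vbTextCompare) = 0 Then
            IsMemberOf = True
            Exit For
        End If
    Next
End Function

' Step 2: turn the directory data into values the rest of the site can use.
Session("Domain") = domainName
Session("User") = userName
Session("CanUpload") = IsMemberOf(domainName, userName, UPLOAD_GROUP)
%>
```

The upload handler would test `Session("CanUpload")` on the server before writing any file, so the group check cannot be skipped by requesting the handler directly.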