I have an IIS host with NTFS ACLs on some .html docs (NTLM is used to authenticate users); all users share the same username/password to get at the pages. I also have a Linux/Apache system that authenticates users through our X.500 directory to get to certain pages on that system. <BR><BR>What I am now faced with is the fact management wants to move all of the sensitive data to the IIS machine but use the Apache/Linux box for X.500 authentication (Apache "in front" of IIS). But in practice, people authenticate on the Linux server fine and then get redirected to the IIS server and then have to authenticate a second time - which everyone hates.<BR><BR>So what I am looking for is a way to post NTLM credentials to an .ASP page (which is protected by NTFS ACLs) so users never see the "second authentication" box. Have you ever seen/heard of such a setup?<BR>