There was a recent article on 4guys about Role-Based Authorization With Forms Authentication. I'm interested to know if you can apply this kind of Authentication/Authorization to non asp files (ie pdf, exe, etc). The application would be a download section that requires a user to login before downloading such a file. In classic ASP there is no way to truly do this w/o using some kind of component/ISAPI extension. The alternative would be just obscuring the URL or storing the files outside the web filesystem and then reading/streaming their contents to authorized users.<BR> <BR>I'm wondering if .Net provides any new approaches to this problem. My guess is no, since these extensions are not mapped to the ASP.Net dll, the only Authentication/Authorization will be through IIS? Is this right? Is there a way to do a form based (ie cookie) authentication/authorization on non ASP files w/ .Net?