Hey, I have an app that serves out sensitive information by displaying documents and images in my pages. I need to secure the files against people typing in random urls and viewing other peoples files or viewing there own files outside the context of my .aspx page. I&#039;m not sure of how to do this. I&#039;ve tryed blocking the IUSER_Machinename from my file folder and it doesn&#039;t seem to have any effect. I&#039;m assuming the ASPNET user only process files mapped in IIS like .aspx and then when referencing other files(.jpg, .txt, .pdf) IIS uses the anonymous user to point to the relative path and get the file. Please correct me if I&#039;m way off, but is there a way to have all access denied to any user execept the user executing the code(ASPNET?) and prevent a user from viewing files outside the context of my password protected page??<BR><BR>P.S. windows and forms authentication are not an option.<BR><BR>Thanks,<BR>Jeremy