I have created a document collaboration site and was wondering if anyone knows how I can secure document downloads? The user will click on a document link which links them to an ASP page that validates their access to the document then RESPONSE.REDIRECTS them to the actual file. The files are mostly Excel, Word or PDF documents, so the redirect will actually open the document using the appropriate program embedded within a browser, with the direct URL to the document showing in the browser's address bar. If the user copies this link and gives it to his friend then my security is breached. If I could get everything to run outside the browser, force the download, or a Save As dialog with the Run/Save options, that would probably work to a degree. I would like to internally redirect (I believe an IIS 5.0 feature) or mask the actual download location of the file, or force authentication of any request (possibly with an ISAPI filter?). Any thoughts?