Hi,<BR>BACKGROUND:-<BR><BR>We are building an Intranet based upon IIS5 with Lotus Notes R5 sat on top. So we can serve up both "normal" HTML/ASP/XML pages and Lotus Notes documents.......<BR><BR>Initially, all was well - so long and we did not need to use security!<BR><BR>We &#039need&#039 to use the Lotus Notes NAB to determine if people can access pages, cus this authentication system is in place on our LAN and you really wouldn&#039t want user data stored in 2 places....<BR><BR>We have tried to use a component called ASPTear (a DLL, which appears to act like a Browser and retuns plain HTML from an inputted URL) to return data from a notes database and it works (in so much that it does return data) BUT we can not control authentication to the databases.<BR><BR>We are using the object to Tear a secure page from Lotus Notes database(R5) and thought that we were holding an instance of ASPTear in a SESSION variable<BR> - unfortuntley, the same instance of ASPTear is available to other users who run the same asp page (i.e. they also create a SESSION object) - we expected these<BR> to be 2 different intances of ASPTear but this does not appear to be the case. N.B the same object is available until we restart IIS)<BR><BR>The first ASP page contains the line :-<BR>Set Session("xobj")=CreateObject("SOFTWING.ASPTear")<B R><BR>A second ASP page sets up the object :-<BR>strOurText=xobj.Retrieve("http://..../test.nsf?login",Request_POST,"username.....etc","" ,"")<BR><BR>So, this call establishes an Authenticated connection to the database for THIS person - hopefully for this session BUT, when we ran only the first page from another <BR>P.C that user also had secure access to the database.<BR><BR>It appears to us like IIS has create a single instance of the DLL and all users are attaching to it - Is this true and if so can we for individual instances of the DLL to be generated (If created Client Side, clearly they would be different .... maybe this is the answer? - but I hope not - Server Side is best?)<BR> __________________________________________________ ____________<BR><BR>OUR QUESTIONs:<BR>(1) How can we ensure that a DLL (either theirs or one written by us) uses the CREDENTIALS of the current user of the browser from within an ASP page?<BR>(2) I also need to call this DLL from an ISAPI Filter that I have written that inserts a banner onto all pages that contain a custom &#060;TAG&#062; - I would like this banner to be security aware (personalised) based upon the contents of a Notes Database document. So, I need it to inherit the security context of the real user (not IIS_System).<BR><BR><BR><BR>Kindest Regards and many thanks<BR>Tony Goodridge<BR>Welwyn Garden City, England