We have a website running from a web server (WS1) which requires a user to login. This login/pwd is validated against a SQL Server database. Once the user logs in he is shown some links which are actual documents (static word/htm/pdf files). These documents are stored in a seperate file server (FS1). The FS1 directory (where all documents reside) is mapped as a virtual drive in WS1 as, say, "G:" (G:xxx.xxx.xxx.xxx
eports\"). When these links are shown to the user, clicking these links allow them to view the documents. It is ok as long as they are logged into our system. But if these hyperlinks are copied and pasted into the browser location (witout having to login to our site), it still shows up ..WHICH WE DONT WANT. How do you think this kind of restriction be applied. Do we have to develop some sort of a ISAPI filter for this or there is some easier way to do it.