Thanks Rick but I don't see your proposed solution solving the original problem of restricting access to specific PDF files. For instance, let's say the system was able to validate a vendor/PDF match and allows a vendor to view a specific PDF file with following url www.mywebsite.com/pdf/19493.pdf.

What's to say this vendor can not simply retype the url with different pdf like www.mywebsite.com/pdf/123456.pdf and pull up a pdf that might exist?

Having said this, there must be a way to password protect a whole subdirectory and have server-side only access to it like supplying the password in an ASP page that can't be seen by the browser of the user.

>>We would like to post purchase orders converted to PDF files for viewing/printing by our vendors via our web site. However, how do I protect these files for access by only those "applicable" vendors for each P.O.?
>>
>>I guess my question is how do you dynamically allow/restrict access to specific files on the web server. TIA.
>
>Here's one way: Put the PDF file names in a database along with the vendor ID for each one. Require the vendors to login to your site. Once you have validated the vendor login and know who it is, you can dynamically generate a page that contains links only to the PDF files that belong to that particular vendor.