>Thanks Tim.
>
>One other thing, what's the best way to authenticate usernames/passwords? The most straightforward seems to be to pass the user/password to another asp and then that will call the COM and validate it, but the username/password is then sent over the wire in a non-encrypted form.
>
>Kev
>

The best way to handle this is to configure your login page to use SSL(Secure Sockets Layer - https). This will require you to purchase a server certificate to be used in the encryption/decryption. Once you have the certificate, you can go into IIS and configure the security for the page through it's properties. If you go this route, there are loads of information on how to do this at MSDN.

Another way to handle this is to turn on "Basic Authentication" within IIS. If you go this route, you will have to create an NT account for every user of the site. This can become a maintenance nightmare.