>- let's authenticated users access a particular file (not browse the foler)
Maybe I am missing something, but if you create a "default.htm" in that folder that should prevent users from browsing it.
>- locks unauthenticated users out
Another approach to this problem could be to provide a web page within you application that would list (with A HREF=...) all files that users have access to.
Hector Correa