Hi Cathi

>Chris,
>
>You shouldn't need to copy your DLL to another directory. The bin directory off of the root virtual directory is where it should be read from. Are you only using one virtual directory or have you setup different ones for each sub-directory?

I started with one folder but I soon thought it best to create a second folder where I put my 'secure' pages. This folder I created from within vs.net, I had to configure the application settings of this folder in IIS before my startup.aspx page would work. My login page etc is just in the root folder.

>
>For the deny users statement, make sure the valid users are listed first in the web.config. Make sure you are placing the authentication information in the we.config in the root directoy. You can not use web.config files in sub-folders for authentication.
>

As regards the web.config files, I have been following a tutorial at http://msdn.microsoft.com/msdnmag/issues/02/05/ASPSec2/ASPSec2.asp

There it says in the secure folder have the webconfig file with the deny users etc and in the root folder is where you list your crendentials...

So I have this in the application root folder:

 <authentication mode="Forms">
		<forms name="samatason" loginUrl="http://prexp01/project/login.aspx">
			<credentials passwordFormat="Clear">
			<user name="agent" password="smith" />
        </credentials>
		</forms>
    </authentication>
 <authorization>
        <allow users="*" />
    </authorization>

and this in the secure folder:

<authentication mode="Forms" /> 
    <authorization>
        <deny users="?" />
     </authorization>