Put an application on the server side to read and serve the pdf.
The files must be in a private folder acessible only by the app.
This app can be an ASP page, PHP page, a CGI or Fox app (West-wind, AVFP, ...).
You need to check who is asking for the file, and serve or deny access to the file
based on a database of users (or group of users) vs file.
Over shoulder lookers will only see the path to the file server app in the adress bar...

You can also set the permissions on IIS for each file but its not as manageable as the other solution.


>Hi
>
>We have a web site on a Windows 2000 server with IIS. and ISA as firewall. In some of our ASP pages we have link to PDF file on our server. These pdf files are confidential and some user must not be able to see those file. They check to find the link and type directly on their browser this link to see the pdf file. We want to be able to hide all link for these file (when a document is open in the browser of an authorized user) or to be able to check for every access of PDF file if the user that have requested this link is autorized.
>
>I must specify that this is an intranet and all our user à people of our company. So somtimes when one employe meet another one he can see the link on the browser this employe when he is reading a PDF file and when he is back to is computer just type the link and have the file.
>
>thanks
>
>Michel