I want to do the following:

people go to our website - click on [MEMBERS] - and login with an account
via a web based verification process..... SO, now, based on a [session
variable] I know that the user has been properly validated.

Now that I know the user, is there a way that I can SECURE a browseable web
folder so, only a list of approved users can TRULY browse that folder via the
web?

help..

There are two ways this can be done:

a) Use built in authorization rules. All you've talked about below is
authentication (users have authenticated themselves). Windows provides at
least two ways of authorizing access built-in: NTFS permissions and (in IIS
7.0) Authorization Rules

b) Build your own authorization system. You can write an ASPX page (or PHP
page or whatever platform you are using for the rest of your application)
that reads in the file/folder contents of the directory you want to display
and then outputs that to a webpage as a list of links or similar. Your own
webpage would check to see whether the authenticated user actually has
permissions to view what files/folders

Cheers
Ken

Show quoteHide quote

Certificate Mapping - Debugging
iis 6 ssl redirect initial login encrypted?
Unable to access site with FQDN
Restricting access from my site to other sites
web site access OK by IP but not by name
IIS requiring Client "Machine" Certificate... possible?
Client certificates
Using "A share located on another computer" AND Authenticated acce
one client certificate able to access two websites
Managing Virtual Directories in IIS