Hello. I don't really know how this should be done... If I allow all users 
then every file can be downloaded without the user is inlogged. Shouldn't 
it be <deny users="?" />

I cant really get this to work properly. I would like my application to 
work something like Microsofts IbuySPy example where they add usercontrols 
on the fly to a <td>.

Philip

> Did you check the "authorization" section in the web.config

U need to allow all the users.
<authorization>
            <allow users="?" />
</authorization>