I have a website built for asp.net using vb.net. I have some folders that hold sensitive data and I need to secure the information in the folder. Only those who login should even be able to read contents in the folders. I believe locking the folders down using a webconfig for each folder might do the trick. Currently, my login information is stored in a session variable as well as their role and access. Can anyone give me some guideance with an example?