I want to secure a directory from normal Internet users but make it accessible
to certain users that have already logged in to my database driven application.
Is it possible to set NT security for a user programmatically without having
the browser show a basis authentication login?

I assume NT challenge isn't valid in this situation since I need to associate
this person with a local account that has certain permissions)?

For example: User logs in to my application and I know that this user has
permissions PLANSPONSOR setup as a user on the machine with access priviledges
to a certain folder on the machine.

If I can't would doing the following suffice: 1) make a directory without
a virtual path that has IUSER_MACHINE permissions to read. 2) In my ASP I
read this directory and show all the files 3) When user selects a link I
BinaryWrite the files out to the browser. A casual internet user can't see
the files because they can't enter in a directory but my ASP pages can since
I know the physical path. The only hitch is can I get the files and serve
them up in this manner? I don't prefer this because Im going to have to serve
many web sites and come up with a shadow directory structure for each.