ASP.NET can't see above it's own root folder, so store the files in your web app folders, and they will then be visible, according to what permissions you give that folder ( browse/get/etc ). It's not the safest approach in the world, I wouldn't think. I'd be inclined to use a local service to store files outside the web app, and pass the byte stream back to the user. Christian Graus - Microsoft MVP - C++