Many hosting companies offer password protection of selected files/folders as a part of the hosting control panel. If not, you could try basic authentication, as moltar mentioned, using .htaccess.

Try searching the site for '.htaccess password' for some places to start.

mcfly

Then create an include file (SSI or Server Side Include) with some code that checks for Session("UserId"). If it doesn't exist, the user gets bounced to the login page. The reason you put this in an include file is so you don't have to recreate it for every page you need it in. Just include the file in those pages.

In a blank file (save it as authenticate.inc or something), insert the following code. No need for anything else...

<%
response.buffer = true

if Session("UserId") = "" then
MyRedirect = "login.asp"
response.redirect MyRedirect
end if
%>

At the top of your private page, assuming that you saved authenticate.inc in the same directory as the private file...

<!-- #include file="authenticate.inc" -->

If your private page happens to be an include of another page then the include script at the top should be as follows to avoid breaking the inclusion.

<!-- #include virtual="common/authenticate.inc" -->

This is assuming that you saved authenticate.inc in a folder called "common" in your root web. Remember that the page that is using this include file must be an ASP page.