I have a large number of DTMLFile objects generated within a product implemented like so: index_html = DTMLFile('www/index_html', globals()) standard_html_header = DTMLFile('www/standard_html_header', globals()) Tracks = DTMLFile('www/show_tracks', globals()) I can access these DTMLFile objects like so: http://someurl:8082/MyProduct/Tracks however, basic authentication does not follow, meaning, I always get anonymous user even after the browser prompts for credentials and I supply them. I am using zope 2.3.3 on a solaris box. I can't access these pages without the proper credentials, providing a user known in acl_folder with the proper role for viewing; however, the information is not provided in the REQUEST object so that I can use the user/role/permission info programmatically. Scott Pierce Sonopress US - Digital Services 828.658.6157