i published a picture named aa.jpg to web named www.abu.com. It will be shown after user login successfully by password. The address of the aa.jpg will show inside the html coding. Thus, i scare got ppl direct access to that aa.jpg by using direct access(www.abu.com/aa.jpg) without go through the login page. How to hide the address inside the html coding ? Or any good idie...

create a login table:
userid
password
access_level

Create a login script:
login.asp
and post it to verification page

On your home page (default), stick your login info there.
You can also use an include.

Then on every page you want a user to access, create a session variable which says something like

if session(access_level) <> "some level" then
'send them back to login page which is your default page
response.redirect "login page"
else
<ul>
<li> link1.html</li>
<li>link2.htm</li>
</ul>
This way, even though they will see the link, they can't access it unless they login and even better, you can send to any page you want them to go to based on the access level you grant them.
This should get you going, I hope.
Let us know if how you want to proceed.

I am not mean the html page. I want to hide the picture only. The picture is more important. Thanks.

Well I would keep the iamge in a data base so that it can only be displayed on your page #1, so people cannot guess the url. I would use a session based login as mentioned above and have a select statement get the image out of the data base. There is no way to protect just an image unless of cource you password protect the dir from iis. That could be an option for you, but I do not like playing with windows logins... You will onyl be able to have the one acc and pass, not tons.