validation for .pdf and other file types on my site

Please forgive my ignorance, but my asp developer is on vacation and I am clueless (as you will see).

I've made a website in html and we've converted it to .asp solely because we needed to secure the site with a login page.

Basically he did some work on the site and then asked me to include the following code at the top of all my new html pages (I've also renamed them all ".asp")

<% Server.Execute ("/training/includes/testLogin.asp") %>

"training" is the top level directory of the site.

This works great for my html pages, but the problem is that I don't know how to apply this to .pdf and non-html pages. These pages are linked to from the secure html pages, but are not secure themselves. I need to secure them. I've figured out (I think) that I need to put an html header at the top of each document page and include the above script, but I'm a) not sure if I'm right and b.) not sure how to do it.

We are running IIS 5 and the login validation refers to a simple Access database with username/password for each approved user.

Can anyone help me out? Thanks very much!

here we go again... It is not possible to prevent anyone from downloading anything you make available via http

* you can't, you can't, you can't you can't you caaaaannnn't *

stress on *you* mabye you can figure out something tricky with headers and https but.... nope, i can't think of a way right now and it's not worth investigating, you'll need to wait for you asp programmer to get back. Besides, how the hell is anyone gong to know the link to this stuff if they can't get into your sites without correct authorization?