IIS Permissions

Hi guys I'm running IIS 5.1 on XP Pro and have a question about
permissions....

I want to be able to distinguish between the ASP interpreter
accessing a page and a normal user accessing a page through
browser. I want to set up a directory which the users cannot
get access to e.g. inetpub/wwwroot/xml which contains
files which I want only the ASP interpreter to use but i'm
having trouble doing so. no matter which way I set it i.e. if
I set access to the XML directory to allow IUSR_COMPNAME read
and write permissions I can still get at the direcotory contents
using a standard browser. If I dont allow this, ASP can't get
hold of the directory either and is unable to render the page!

Is there anyway of doing this. I know technically you should
put everything in the database and control access like that but
I dont want to put some of the material in a DB.

Thanks
Mox.