I thought this would be simple...
I added to the web.config in the folder
<allow roles="Admin"/>
<deny users="*"/>

This keeps the riff raff out put generates an ugly redirect error to an login.aspx page I don't have and would rather not add.

Isn't there a simple way to keep anonymous eyes out of a log folder without writing\adding another page ?

You could turn off directory browsing in the IIS Tools section of Control Panel (http://my.discountasp.net).

Doesn't work for me.

I did this and am still able to dump the contents of .txt files by just putting the complete address into IE.

What about password protection?

I THINK you are trying to keep people from viewing certain files. I also THINK you mean while directory browsing doesnt allow someone to view the entire directory, they can still see the file if they type the whole filename.

Put your txt files in the _database folder. End users dont have access to this directory.