I don't think you can detect and prevent a direct link to an image

Providing you have physical access to the IIS server or at least you can get someone to make some small ajustments, you can easily secure the photos.

You can just create a virtual directory to a folder on your server with the images. And then just set the permissions in IIS under the VD's properties and then under 'Directory Access' to not allow anymous access.

The down side is that you either have to have an account on the domain/server for each person so they can login or and one account everyone uses.

This may not be the most ideal way, but it would work. It depends on things like if it is for an intranet or internet.

So then if someone types into their browser the direct link, the IIS authentication login window will pop up and if they don't have a valid username and pwd it won't let them through. Once they login, it won't show up again until their session timesout.

Actually most hosts have directory browsing disabled for security reasons so you don't actually need to put a index.htm in all the folders. If there wasn't a file in the 'default document' list in the folder the person will just get a "Directory Browse Forbiden" error in their browser.

Are you trying to protect poeple from stealing the pics or just from viewing them? If you are trying to protect people from stealing them then do not put them on the web. There a couple of things to make it more difficult, but not impossible. If you are just trying to keep people out set a cookie or session for a valid login. On your picture pages set something like

If Request.Cookies("Login") = "Good"
Look at all these images
Else
Response.Redirect "login.asp"
End If