it is a bad idea to name .mdb to .asp, see a better method here
How can I secure an Access database that I use on my Web site? That is, I don't want users to be able to guess the URL of my Access .mdb file and download my database
http://www.aspfaqs.com/aspfaqs/ShowFAQ.asp?FAQID=166
How to configure HTTP READ-Protected Folders
http://www.4guysfromrolla.com/webtech/022300-1.shtml