You can use approach described in the article How to control access to specific directories in ASP.NET to set file access permissions by directory. You also have the option of restricting specific files by adding <location> tags to your web.config file. The <location> tags sit outside the main <system.web> tag and are nested directly in the base <configuration> tag, as shown:
<configuration>
<system.web>
<!– Other settings omitted. –>
<authorization>
<allow users=”*” />
</authorization>
</system.web>
<location path=”FirstSecuredPage.aspx”>
<system.web>
<authorization>
<deny users=”?” />
</authorization>
</system.web>
</location>
<location path=”SecondSecuredPage.aspx”>
<system.web>
<authorization>
<deny users=”?” />
</authorization>
</system.web>
</location>
</configuration>
In this example, all files in the application are allowed, except FirstSecuredPage.aspx and SecondSecuredPage.aspx, which have an access rule that denies anonymous users.