You can use approach described in the article How to control access to specific directories in ASP.NET to set file access permissions by directory. You also have the option of restricting specific files by adding <location> tags to your web.config file. The <location> tags sit outside the main <system.web> tag and are nested directly in the base <configuration> tag, as shown:

C# 8.0 and .NET Core 3.0 – Modern Cross-Platform Development: Build applications with C#, .NET Core, Entity Framework Core, ASP.NET Core, and ML.NET using Visual Studio Code, 4th Edition
ASP.NET Core 3 and Angular 9: Full stack web development with .NET Core 3.1 and Angular 9, 3rd Edition
C# in Depth, 4th Edition

<configuration>

<system.web>

<!– Other settings omitted. –>

<authorization>

<allow users=”*” />

</authorization>

</system.web>

<location path=”FirstSecuredPage.aspx”>

<system.web>

<authorization>

<deny users=”?” />

</authorization>

</system.web>

</location>

<location path=”SecondSecuredPage.aspx”>

<system.web>

<authorization>

<deny users=”?” />

</authorization>

</system.web>

</location>

</configuration>

In this example, all files in the application are allowed, except FirstSecuredPage.aspx and SecondSecuredPage.aspx, which have an access rule that denies anonymous users.