HOW TO: Protect Files with a Certain Extension

HOW TO: Protect Files with a Certain Extension

Solution

Solution steps:

Configure IIS so that the file type/extension is mapped to the ASP.NET ISAPI filter. This is done using Internet Services Manager.
If access to files of certain file type is to be unconditionally forbidden, also configure ASP.NET so that the file type is mapped to the HttpForbiddenHandler HTTP handler. This can be done by editing the Web.config file.

Reference articles:

HOW TO: Use ASP.NET to Protect File Types (Microsoft KB Article)
Protecting Files with ASP.NET by Scott Mitchell (4GuysFromRolla.com)
Protecting All Files Using Forms Authentication by Kevin T Price (DotNetJunkies) - this solution shows how to block certain file types (e.g. .pdf, .jpg, .gif) from non-authenticated users.