hi,
Put your files (those you dont want to directly accesssible) under downloadfiles folder.
on web config put the codes given below,
<location path="downloadfiles">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
This section should be placed out side <system.web> section
Target file will download if user login.
Hope this will help