c# - stop unauthorized file download in asp.net -

i have login.aspx page custom textbox username , password i.e. no loginview
after supplying correct username , pwd assign sessionid used visit other pages on website.

now download file (1234) redierct user ~/download.aspx?fileid=1234, on page check session id , send user file url i.e. ~/file/1234.pdf.
if 1 dirctly enters file url, unable stop him.
plase guide me on how this...

p.s. : have read authentication rule in web.config file dont know how mark user authenticated ones supplies correct username , password @ login. (i checking username , pwd database , redirecting home page)

your authentication strategy weak. should bounding areas of site (namely files directory in instance) roles , assigning users them.

however, around more immediate problem, disable outside world getting files directory , when hit ~/download.aspx?fileid=1234 serve them file. can find instructions here: how serve pdf file