Add the following directive in your web.config file:
<location path="Caminho/Para/Pasta/Publica">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
Explanation
-
location.path
is the location / folder you want to block;
-
deny.users="?"
blocks access for anonymous users.
Example
For your case, you could deny everything and then release only what the users can access. Here's an example:
<location path="Content">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="Content/Arquivo.js">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
In this case, the first policy blocks all users from accessing the Content
folder. The second one only allows the file Arquivo.js
.