If you are using the form Authentication and then this could be done by using web.config for sub directory use the location tag to prevent the access for anonymous user.
<!-- Order and case are important below -->
in the above sample configuration setting the location download is your folder where you want to restrict the anonymous user.
Hope this was helpful.
Amit Choudhary MicrosoftMVP MindcrackerMVP Blog: www.cshandler.com Follow @vendettamit