Don't provide direct links to the files. Create a new page called
GetFile.aspx?id=1 and have the page retrieve the files. That
way the user never knows or has direct access to the files on your server.
This way you can change security on the folder where your files exist so
only the web server can access them directly.
Change your links on the page to be:
<a href="GetFile.aspx?id=1">Click here for read me
Example of how to download a file from asp.net:
public void DownloadFile(string fileName)
Response.ContentType = @"applicationoctet-stream";
System.IO.FileInfo file = new
Response.AddHeader("Content-Disposition", "attachment; filename=" +
Response.ContentType = "application/octet-stream";
Code example taken from this question: Open
any file from asp.net