Short version: I want to know how in ASP.NET I could bar direct http access
to some files in a directory that match a pattern, but not others. An
alternate solution would be to bar all direct http access to files and
require that any access of the files be mediated by my web application. In
other words, direct access via http://domain.com/app/MyCoolPhoto.jpg would
be forbidden.

Long version: I've written a photo cms and display application that has
organized many tens of thousands of files. It has made different versions of
those files, some of which I am willing to offer to the general public and
most of which I'm not:

jid20040632_pid400017_wissnerslivkachair_001_ld50.jpg
// OK to show to the world
jid20040632_pid400017_wissnerslivkachair_001_ld400watermarked.jpg      //
Also OK, it's watermarked
jid20040632_pid400017_wissnerslivkachair_001_fullsized.jpg
// NOT OK! Keep this files matching "..._fullsized" off limits!
[multiply this by 20 other variations.]

I want to limit access to most of those variations. In some cases I imagine
I will be doing that limiting via ASP.NET 2 roles and in other cases I will
be inspecting ServerVariables that are assigned by the Pubcookie auth
framework.

Can someone suggest a server-side approach that works with ASP.NET and that
can't be easily defeated?

Thanks,
-KF