This is handled by default/ The documents themselves have permissions around them. This means that you can state globally that you only want authenticated users to be able to view a document.
Go to Documents and Files and on the right hand side you will see permissions. There you can set the global permissions on documents. By default all documents and libraries inherit those global permissions but you can break this inheritance and have individual permissions per documents or per libraries which allows you to get very granular. Here
is a video of how you set the global permissions and then break the inheritance for a single document and here
is the documentation on the topic as well.
Sitefinity by default has an HTTP handler that looks at the permissions for documents. Document listings will not display documents that we are not allowed to view and on top of this If anybody who is not allowed to view the document tries to access it via direct link, the HTTP handler takes care of this and returns a 403 'unauthorized request'
I hope this information helps!
All the best,
the Telerik team
Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking
system and vote to affect the priority of the items