Media content in Sitefinity can be permissioned, which is great. However in an unauthenticated state if the user clicks a link to the file from either an email link, or on the site somewhere they get a 401 response, not a link to your login page with a passthrough to the file.
Here's how you can get around that...
Step 1: Detect the error
Basically all we're doing here is capturing any error message related to documents so we can manually send them to the login page.
Step 2: Create the page\widget to serve the file
So this could be an aspx page, ascx control, mvc control, simpleview widget...doesn't matter. You just need something to serve them up the file. I mean it's probably a better idea for this to be a sitefinity page that can be permissioned with a widget on it. This code is just something we did a long time ago...
That's it!...next step is for telerik to get to making the functionality native without modification...or at least the ability to enable it.