It is happening because this is a static file and by default will bypass ASP.Net and just get served up by IIS. Try adding this to your <system.webServer>
section of the web.config:
<handlers>
<add name="PDFHandler-Integrated" path="*.pdf" verb="GET"
type="System.Web.StaticFileHandler" modules="ManagedPipelineHandler"
requireAccess="Script" preCondition="integratedMode" />
</handlers>
Doing this will make it go through the ASP.Net pipeline so you can apply other functionality like Authentication/Role restrictions.