I have a MVC website, without authentication. In the website directory I have a folder \ProjectNotes which contains a file inside, Notes.txt. Neither this folder nor the text file are a part of the solution, but still get copied up on publish.

My problem is that using a web browser anybody can access mysite.com/ProjectNotes/Notes.txt and I cannot prevent it. I have tried adding a specific route to take the user to the error page (no effect) and in the web config I've tried but that didn't work either.

How can I prevent access to the Notes.txt file using the MVC framework?

You should use Web.Config file for your case. Add to your root Web.Config file into <system.webServer> section:

<security>
  <requestFiltering>
    <hiddenSegments>
      <add segment="ProjectNotes"/>
    </hiddenSegments>
  </requestFiltering>
</security>

Actually, your question has nothing with MVC, but with IIS restrictions (Or other web server restrictions but I assume you using IIS)