Temporary file download link with ASP.NET

Question

I\'d like to know how I can generate a temporary download address for my file for a limited time. I know that\'s not the best practice and probably using HttpHandlers is the

Answer 1

Well first you need some form of identifier. You suggest a GUID and that's easily done, Guid.NewGuid().ToString("n") gives you such an identifier.

You talk of URI rewriting, but that's really just a bit of polish. You could certainly do some rewriting to turn /myFiles/a948ec43e5b743548fd9a77c462b953e into /myFiles/download.aspx?id=a948ec43e5b743548fd9a77c462b953e or even (after checking a look up table) into myFiles/download.aspx?id=3 or myFiles/download.aspx?fileName=myNewDownload.pdf. This is the same as any other URI rewriting task, so for now lets just ignore it and assume we've a request coming into /myFiles/download.aspx?id=a948ec43e5b743548fd9a77c462b953e whether that is due to rewriting or not.

Okay. You've got an identifier, you need to match this to three things: a stream, a content type and an expiry date.

You could store all of this in the file system, all of it in a database or the details in the database including a path to where the stream is stored as a file in the filesystem.

Lets say store it in the file system with names like:

a948ec43e5b743548fd9a77c462b953e.application_pdf and a5d360178ec14e97abd556ed4b7709cf.text_plain;charset=utf-8

Note that we aren't using normal windows file extensions, so we deal well with the case where the uploading machine had different bindings to your server.

In the case of a948ec43e5b743548fd9a77c462b953e being the item required we first look at the creation date and if it's too long ago (the file has expired), we send a 410 GONE header with an error message explaining the file has expired (we can also delete the file at this point to clean up usage - or perhaps truncate it so it remains a record that the file used to exist, but is 0bytes of storage).

Otherwise we set Response.ContentType to "application/pdf" and then Response.TransmitFile to send the file.

If we'd stored the stream a different way than as a file, we'd want to send it in small chunks (4096 nicely matches other buffers in other parts of the system) and in the case of it being very large call Response.Flush() periodically to prevent memory issues.

That's your basic system done. Niceties would include storing the original file name and sending it in a content-disposition header, and obeying Range requests so that a user can resume a failed download rather than have to start from the beginning.

All of this is pretty orthogonal to any authentication used to ensure only the correct person has the file - you could use it in tandem with a login system of whatever sort, or you could leave it public but time-limited.