How to implement a secured download system?

Question

What's the best way to implement a download system?

It needs to be integrated with an asp.net application.

I need the following features:

1. Deliver files larger than 50mb
2. Only users authorized by an asp.net login page can download
3. Need to know if the user downloaded the whole file, or part of it
4. Once the file is downloaded or canceled, the same url will not be available again

It's something similar to rapidshare I believe, but integrated with an asp.net application.

What would you guys suggest?

thanks!

Answer 1

What if you hosted the files on a lighttpd server running modsecdownload, and used your asp.net app to generate the secure urls to the files on that server? That approach should handle items 1,2 and 4.

Not sure how you could tell from the server side that the download was completed successfully, maybe have some logic that parses the server logs?

Answer 2

You could also use nginx and its X-Accel-Redirect feature. It's simple, and nginx is even more ridiculously fast and lightweight than lighttpd. A common setup at least in the Ruby and Python web world is to run nginx in front of lighttpd or Apache. nginx serves all static media and proxies dynamic request to the web server behind it.