The problem is that when a user uploads a file, the name is quite likely to conflict with a different user's file of the same name - loads of people use the same set f file names every day!
The way I get round this is to store the user and the user file name in a DB, and store the file itself as a Guid filename:
bb5a84b2-f9b6-47ae-98e1-25df6344788a.upload
or similar. I then store the Guid in the DB so that I can cross-reference the file name the user wants to the "actual" file name in the file system.
When a user requests the file, i do it via an ASPX and a query string which contains the Guid value:
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="FileTransferDownload.aspx.cs" Inherits="FileTransferDownload" %>
<%
string guid = Request.QueryString["file"];
string fileName = "ERROR";
byte[] data = new byte[] { 0, 0, 0, 0 };
string strCon = System.Web.Configuration.WebConfigurationManager.ConnectionStrings["DownloadDatabase"].ConnectionString;
using (System.Data.SqlClient.SqlConnection con = new System.Data.SqlClient.SqlConnection(strCon))
{
con.Open();
string strcmd = "SELECT [iD] ,cn.[fileName],[description] ,[dataContent] ,[version] " +
"FROM dlContent cn " +
"WHERE cn.iD=@ID";
using (System.Data.SqlClient.SqlCommand cmd = new System.Data.SqlClient.SqlCommand(strcmd, con))
{
cmd.Parameters.AddWithValue("@ID", guid);
using (System.Data.SqlClient.SqlDataReader r = cmd.ExecuteReader())
{
if (r.Read())
{
fileName = (string) r["filename"];
data = (byte[]) r["dataContent"];
}
}
}
}
Response.Clear();
Response.AddHeader("Cache-Control", "no-cache, must-revalidate, post-check=0, pre-check=0");
Response.AddHeader("Pragma", "no-cache");
Response.AddHeader("Content-Description", "File Download");
Response.AddHeader("Content-Type", "application/force-download");
Response.AddHeader("Content-Transfer-Encoding", "binary\n");
Response.AddHeader("content-disposition", "attachment;filename=" + fileName);
Response.BinaryWrite(data);
Response.End();
%>