F-ES Sitecore is right, it's possible.
This is the code I use:
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="wm5ftdl.aspx.cs" Inherits="wm5ftdl" %>
<%
string guid = Request.QueryString["file"];
string fileName = "ERROR";
byte[] data = new byte[] { 0, 0, 0, 0 };
string strCon = System.Web.Configuration.WebConfigurationManager.ConnectionStrings["DownloadDatabase"].ConnectionString;
using (System.Data.SqlClient.SqlConnection con = new System.Data.SqlClient.SqlConnection(strCon))
{
con.Open();
string strcmd = "SELECT [iD] ,cn.[fileName],[description] ,[dataContent] ,[version] " +
"FROM dlContent cn " +
"WHERE cn.iD=@ID";
using (System.Data.SqlClient.SqlCommand cmd = new System.Data.SqlClient.SqlCommand(strcmd, con))
{
cmd.Parameters.AddWithValue("@ID", guid);
using (System.Data.SqlClient.SqlDataReader r = cmd.ExecuteReader())
{
if (r.Read())
{
fileName = (string) r["filename"];
data = (byte[]) r["dataContent"];
}
}
}
}
Response.Clear();
Response.AddHeader("Cache-Control", "no-cache, must-revalidate, post-check=0, pre-check=0");
Response.AddHeader("Pragma", "no-cache");
Response.AddHeader("Content-Description", "File Download");
Response.AddHeader("Content-Type", "application/force-download");
Response.AddHeader("Content-Transfer-Encoding", "binary\n");
Response.AddHeader("content-disposition", "attachment;filename=" + fileName);
Response.BinaryWrite(data);
Response.End();
%>
It goes in an ASPX file, and I provide a GUID id link:
protected void Page_Load(object sender, EventArgs e)
{
try
{
List<Downloadable> downloads = GetDownloadList();
foreach (Downloadable dl in downloads)
{
HtmlTableRow row = new HtmlTableRow();
HtmlTableCell cell = new HtmlTableCell();
cell.InnerHtml = "<a href=\"wm5ftdl.aspx?file=" + dl.Id + "\" target=\"_blank\">" + dl.FileName + "</a>";
row.Cells.Add(cell);
tbDownloads.Rows.Add(row);
}
}
catch (Exception ex)
{
HtmlTableRow row = new HtmlTableRow();
HtmlTableCell cell = new HtmlTableCell();
cell.InnerHtml = ex.ToString();
row.Cells.Add(cell);
tbDownloads.Rows.Add(row);
}
}
private List<Downloadable> GetDownloadList()
{
List<Downloadable> list = new List<Downloadable>();
string strCon = ConnectionStrings.Download;
using (SqlConnection con = new SqlConnection(strCon))
{
con.Open();
string strcmd = "SELECT [iD] ,cn.[fileName],[description] ,[version], [uploadedOn], [uploadedBy], [downloadUserOnly] " +
"FROM dlContent cn " +
"INNER JOIN " +
"( SELECT filename, MAX(Version) AS maxver " +
" FROM dlContent " +
" GROUP BY filename" +
") gcn ON cn.filename = gcn.filename " +
" AND cn.version = gcn.maxver";
using (SqlDataAdapter da = new SqlDataAdapter(strcmd, con))
{
DataTable dt = new DataTable();
da.Fill(dt);
foreach (DataRow dr in dt.Rows)
{
list.Add(new Downloadable(dr));
}
}
}
return list;
}
This prevents the need for direct access to the DB with a modicum of security.