Enabling users to download files (blobs) in Windows Azure can be done in 4 ways ;
(as Microsoft evangelist Sean Harris explains in this blogpost)
- Direct Download – Set the Access of the Container to Public Read Access or Full Public Read Access and expose the URL to the end user. The drawback of this method is obviously security – you have no way of controlling access when the URL is exposed. There is also no way of detecting downloads, and to execute code before/after the download.
- API Download – The user must run a Windows App, Silverlight etc. Also – the app must contain the store account name and key – which might compromise security. Especially if you have several customers using the same account (they can still have their own containers of course).
- Proxy Download – Have the user access a URL on YOUR server – which then retrieves the file from Azure and sends it to the user. The advantage of this is that you have full control of downloads, you can execute code before/after downloading and you don’t have to expose any Azure URL’s / account info. In fact – the end user will not even see that the file is stored in Azure. You can also override the filename this way. A downside is that all traffic passes through your server – so you’ might get a bottleneck here.
- Pass-through Download (Azure Shared Access Signature) – Creates a signature and inserts this signature in a URL where the user is redirected to Azure. The signature enables the user to access the file for a limited period of time. This is most likely your best option. It enables custom code to be executed before downloading, it will ensure max download speed for your users, and a good level of security is also ensured.
Our client has files stored as Guids in Azure – and we keep track of files (names, sizes etc) and folders in a MS Sql database. This is the reason we have to use the Proxy Download option – when users are downloading files.
Sean Harris has developed such a proxy which streams the file directly from Azure to the end user. This code however requires a third party framework, and seems to overcomplicate things a lot. Here’s a version which does the job just as well (.ashx generic handler):
//Retrieve filenname from DB (based on fileid (Guid)) // *SNIP* string filename = "some file name.txt"; //IE needs URL encoded filename. Important when there are spaces and other non-ansi chars in filename. if (HttpContext.Current.Request.UserAgent != null && HttpContext.Current.Request.UserAgent.ToUpper().Contains("MSIE")) filename = HttpUtility.UrlEncode(filename, System.Text.Encoding.UTF8).Replace("+", " "); context.Response.Charset = "UTF-8"; //Important to set buffer to false. IIS will download entire blob before passing it on to user if this is not set to false context.Response.Buffer = false; context.Response.AddHeader("Content-Disposition", "attachment; filename="" + filename + """); context.Response.AddHeader("Content-Length", "100122334"); //Set the length the file context.Response.ContentType = "application/octet-stream"; context.Response.Flush(); //Use the Azure API to stream the blob to the user instantly. // *SNIP* fileBlob.DownloadToStream(context.Response.OutputStream);