Control file download using a HttpHandler - without exposing the files location

This will show you how to make a HttpHandler which can retrieve files without exposing the files location.
You can add additional logic such as download count or access restriction.

First things first, you'll need to setup your HttpHandler, I've called mine GetFile.cs:

namespace Sample.HttpHandlers
{
    public class GetFile : IHttpHandler
    {
        public bool IsReusable
        {
            get { return false; }
        }

        public void ProcessRequest(HttpContext context)
        {
            // The logic goes here
        }
    }
}

Remember to add the handler in your web.config, additional information can be found at microsoft support.

<add name="GetFile" verb="*" path="GetFile.axd" type="Sample.HttpHandlers.GetFile"/>

I've created a very simple table to store the file information:
key (uniqueidentifier) - In this case a guid
path (string) - This is the path to the file

Insert this logic into the ProcessRequest:

// Parse the query name "key" to a guid
Guid fileKey;
if (Guid.TryParse(context.Request.QueryString["key"], out fileKey))
{
    // Find the row corresponding with the guid from the database
    FileItem fileItem = new FileService().LoadFiles.FirstOrDefault(x => x.FileKey == fileKey);
    if (fileItem != null)
    {
        // TODO: Add additional logic here, such as download count or access restriction

        // Adds a root directory to the path giving you the 
        // ability to move the files without renaming all the path's in the database
        string filePath = string.Format("{0}{1}", @"D:\Files", fileItem.Path);
        if (File.Exists(filePath))
        {
            // Clears the buffer
            context.Response.ClearContent();
            context.Response.ClearHeaders();
            // The header will tell the browser that the file is an attachment, 
            // this will prompt to download instead of displaying the file in the browser
            context.Response.AddHeader("Content-Disposition", "attachment; filename=" + fileItem.Name);
            // Extracting the ContentType from the file extention 
            // using the MimeMapping method which has been made public in FW 4.5
            context.Response.ContentType = MimeMapping.GetMimeMapping(fileItem.Name);
            context.Response.BufferOutput = false;
            // Transmits the file
            context.Response.TransmitFile(filePath);
            context.Response.End();
        }
        else
            context.Response.Write("The file do not exist in the directory");
    }
    else
        context.Response.Write("The file do not exist in the database");
}
else
    context.Response.Write("Missing key");

To retrieve a file you need to call: /GetFile.axd?key=[your identifier] within your application

Additional information on the MimeMapping introduced in FW 4.5 can be found msdn and msdn blogpost.

If your on an earlier version than 4.5 I can suggest using this method:

private string GetContentType(string fileName)
{
    string contentType = "application/octetstream";
    string ext = System.IO.Path.GetExtension(fileName).ToLower();
    Microsoft.Win32.RegistryKey registryKey = Microsoft.Win32.Registry.ClassesRoot.OpenSubKey(ext);
    if (registryKey != null && registryKey.GetValue("Content Type") != null)
        contentType = registryKey.GetValue("Content Type").ToString();
    return contentType;
}