How to serve a file from my website without giving directory access

[DT4K]

I'm working on a website (VS2010 / .Net 4) that is going to provide access to downloadable documents for our customers. These are customer specific documents, so we need to make sure that each customer can only download their own documents. We will have a database with a record for each document, along with the account number of the customer who is allowed to see that file.

The problem is that I don't want the customers to have access to the directories that the documents are actually stored in.

So what is the best way to serve up files for our customers without giving them a link to the file itself or access to the directory where it exists?

I found one method here:
http://www.codeproject.com/KB/aspnet/SecureFileDownload.aspx

Is that still a good way to go or is there a better alternative? Any .Net classes that provide this kind of functionality?

 

[Cogman]

Looks about right, so long as the files aren't available on the web server (IE the download script is reading the file from a secure area on the disk and handing it over to the customer) it really is pretty much file IO with standard authentication. The stronger your login security, the better this method works.

 

[PhatoseAlpha]

Gah, would've killed for that link two days ago, at least the bit about content-disposition.


Edit: Just wanted to say thanks. The link above was quite useful. Also, if you serve up any files that are browser-viewable, you can change the disposition from attachment to inline to allow them to display in the browser.