How do I make WISA act like LAMP (Protecting .mp3s on IIS)

Question

I have created a few small flash widgets that stream .mp3 audio from an Apache/php host. The mp3 file cannot be directly accessed and does not save it self to the browsers cache.

To do this I set the mp3 file permission on the host to "owner: read/write" (numeric value 600). This makes it so that only my .php file can read the .mp3.

Then I make a request to my php file from my ActionScript and it streams the mp3 to my widget. (If the client/user looks in the browsers cache the mp3 file is not found as desired)

This is the php code that streams the file:

<?php 
ob_start();
header("Expires: Mon, 20 Dec 1977 00:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
header("Content-Type: audio/mpeg");
@readfile($_GET["file"]);
ob_end_flush();
?>

Does anyone know how to reproduce this behavior using IIS/ASP.Net

1.) Make it so a file is only accessible to a file on the server.
2.) Stream that file using an .ASPX or .ASHX?

Answer 1

You're not really protecting the MP3s, just obfuscating them. Anyone can still save them, especially if they just fire up an HTTP debugger like Fiddler to figure out what HTTP calls are being made. The fact that you've set them to not cache and to go through a PHP script doesn't help much.

To get this same effect using ASP.NET, you'd write an HTTPHandler (probably just off an .ashx), set up all the headers the same way using context.Response.Headers, then load the .mp3 file using System.IO.FileStream and send that to context.Response.OutputStream. Look up System.Web.HTTPHandler, System.IO.FileStream, and System.Web.HTTPResponse on MSDN for more info.