I have a solution built on ASP.Net MVC (hosted either on VM or Azure WebApp), Azure File Storage and with ASP.Net Identity Provider for authentication.
The solution involves a lot of uploading and downloading of files from the server.
Before a file is downloaded, some authentication must first take place on the server.
This is currently implemented in my solution as follows:
- Signed-in user clicks on download link/button and HTTP request is sent to server.
- ASP.Net MVC controller method authenticates and authorises the download for the specific user.
- The controller method downloads the file onto the server from Azure file storage.
- The file is streamed to the logged-in user from the server.
I have noticed from the above approach that it has the following drawbacks:
- A significant amount of server resources is used up during the process, including memory, disk I/O, processing power.
- It generates a lot of network traffic in and out of the web server.
- The result of the above is that my solution requires a significantly larger pricing tier because of the above two points.
Much of the above can be circumvented if I can somehow establish a direct download from File Storage to the client / user after the request has been authorised from the web server / controller method.
The solution I have come up with is to generate a SAS (shared access signature) on the requested file (with short lifespan) as soon as the request has been authorised, and then to redirect the client to the direct download URL with the SAS.
Is there any reason why I should not use this approach, or are there any better approaches available?
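
The flow proposed in the question (authorise on the server, issue a short-lived SAS for the one file, redirect the client to storage), as an added example that is not part of the original post. It assumes classic ASP.NET MVC 5 with the Azure.Storage.Files.Shares SDK; `IFileAuthorizer`, the controller name, the placeholder settings and the two-minute lifetime are hypothetical.

```csharp
using System;
using System.Net;
using System.Web.Mvc;
using Azure.Storage;
using Azure.Storage.Files.Shares;
using Azure.Storage.Sas;
using Microsoft.AspNet.Identity;

// Hypothetical: returns the share-relative path only if the user may read the file, else null.
public interface IFileAuthorizer
{
    string ResolvePathForUser(string userId, string fileId);
}

[Authorize]
public class DownloadController : Controller
{
    // Placeholders: load real values from protected configuration, not source code.
    private const string AccountName = "<storage-account>";
    private const string AccountKey = "<storage-account-key>";
    private const string ShareName = "<share-name>";
    private readonly IFileAuthorizer _authorizer;

    public DownloadController(IFileAuthorizer authorizer) { _authorizer = authorizer; }

    public ActionResult Get(string fileId)
    {
        // The client sends an opaque id; the storage path is decided server-side.
        string path = _authorizer.ResolvePathForUser(User.Identity.GetUserId(), fileId);
        if (path == null) return new HttpStatusCodeResult(HttpStatusCode.Forbidden);
        return Redirect(BuildReadSasUri(path, TimeSpan.FromMinutes(2)).ToString());
    }

    private static Uri BuildReadSasUri(string filePath, TimeSpan lifetime)
    {
        var sas = new ShareSasBuilder
        {
            ShareName = ShareName,
            FilePath = filePath,
            Resource = "f",                  // scope: this single file, not the share
            Protocol = SasProtocol.Https,    // reject plain-HTTP use of the token
            ExpiresOn = DateTimeOffset.UtcNow.Add(lifetime)
        };
        sas.SetPermissions(ShareFileSasPermissions.Read);   // read only
        var credential = new StorageSharedKeyCredential(AccountName, AccountKey);
        var uri = new ShareUriBuilder(new Uri($"https://{AccountName}.file.core.windows.net"))
        {
            ShareName = ShareName,
            DirectoryOrFilePath = filePath,
            Sas = sas.ToSasQueryParameters(credential)
        };
        return uri.ToUri();
    }
}
```

The resulting URL is a bearer credential: anyone who obtains it before `ExpiresOn` can download the file without signing in, so the lifetime, the single-file scope and the read-only permission are the controls that limit exposure.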