so I have a content type with a MultiFiles field (yay!)... I want to require authentication to access these files (perhaps the user is a member of a specific role)...

I can link to the files easily enough using the ContentHelper.SplitMultiFiles(..) which is nice... but I notice the links are to cms_data/contents/sitename/folders/folder/~contents/userkey/filename

My concern is that once discovered, the link provides no protection/validation.

Without being overly familiar with kooboo (so far about 2 weeks) or razor (about the same 2 weeks, plus a few videos i'd seen on channel9).... I envisioned the following:

the existing page includes a view of the content type, and a URL rule for userkey (similar to the SampleSite Articles detail page)
I would like some sort of virtual path following the userkey ("files" or something) and another URL rule for the filename...

this would result in the following URLs:
site.com/Articles/Article1 (the primary details page, including links to files)
site.com/Articles/Article1/files/file1.txt
site.com/Articles/Article1/files/file2.txt

then (based on my knowledge of webforms), a view could (after validating access) clear the response buffer, set mime type and such, write the file contents to the response buffer, flush, and close.

the two primary issues:
not sure how to design a page with such complex rules (Articles/{ArticleKey}/files/{filename}
not sure if doing the response stream manipulation will work in razor the way it did in webforms.

I am also not sure whether this would be the BEST approach.


I've also wondered whether page mappings would be the correct approach, but i'm pretty unfamiliar with MVC routing rules in general.


Any thoughts/recommendations are welcome :)