Expose url to webservice

In our project we want to query a document management system for a specific document or movie. The dms returns a URL with the document location (for example: http://mydomain.myserver1.share/mypdf.pdf or http://mydomain.myserver2.share/mymovie.avi).

We want to expose the document to internet users and intranet users. The requested file can be large (large video files).

Our architecture is like:

request goes like: webapp1 -> webapp2 -> webapp3 -> dms

response goes like: dms -> webapp3 -> webapp2 -> webapp1

webapp1 could be on the internet.

I have have been thinking how we can obfuscate the real url from the dms, due to security issues. I have seen implementations from other webapps where the pdf URL was obfusicated by c开发者_运维问答reating a temp file for the requested document that is specific for the session and user. So other users cannot easily guess the documentname of other users.

My question: is there a pattern that deals with exposing company/user vulernable data to the public ?

Our development is in C# 3.5.

The easiest way to handle it is to create a ashx file (or some other way of creating a URL) and have it serve the pdf. Since WCF supports REST you could always do it through that too. Just load the pdf into memory and push the byte contents into the response stream.

Alternatively, you might want to look into these:

http://www.microsoft.com/forefront/edgesecurity/isaserver/en/us/

http://www.isapirewrite.com/