I've produced a couple of small expensive icons that stream .mp3 audio from an Apache/php host. The mp3 file can't be directly utilized and doesn't save it self towards the browsers cache.

To get this done I set the mp3 file permission around the host to "owner: read/write" (number value 600). This causes it to be to ensure that only my .php file can see the .mp3.

I Quickly create a request to my php file from the ActionScript also it streams the mp3 to my widget. (When the client/user looks within the browsers cache the mp3 file isn't found as preferred)

This is actually the php code that streams the file:

<?php 
ob_start();
header("Expires: Mon, 20 Dec 1977 00:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
header("Content-Type: audio/mpeg");
@readfile($_GET["file"]);
ob_end_flush();
?>

Does anybody understand how to reproduce this behavior using IIS/ASP.Internet

1.) Allow it to be so personal files is just available to personal files around the server.
2.) Stream that file utilizing an .ASPX or .ASHX?

You are not necessarily safeguarding the Tunes, just obfuscating them. Anybody can continue to save them, particularly if they simply turn on an HTTP debugger like Fiddler to determine what HTTP calls are now being made. The truth that you've set these to not cache and to undergo a PHP script does not help much.

To obtain this same effect using ASP.Internet, you'd write an HTTPHandler (most likely just off an .ashx), setup all of the headers exactly the same way using context.Response.Headers, then load the .mp3 file using System.IO.FileStream and send that to context.Response.OutputStream. Lookup System.Web.HTTPHandler, System.IO.FileStream, and System.Web.HTTPResponse on MSDN for more information.