Try using a simple HttpResponseMessage with its Content property set to a StreamContent:

// using System.IO;// using System.Net.Http;// using System.Net.Http.Headers;public HttpResponseMessage Post(string version, string environment,    string filetype){    var path = @"C:\Temp\test.exe";    HttpResponseMessage result = new HttpResponseMessage(HttpStatusCode.OK);    var stream = new FileStream(path, FileMode.Open, FileAccess.Read);    result.Content = new StreamContent(stream);    result.Content.Headers.ContentType =         new MediaTypeHeaderValue("application/octet-stream");    return result;}

A few things to note about the stream used:

• You must not call stream.Dispose(), since Web API still needs to be able to access it when it processes the controller method's result to send data back to the client. Therefore, do not use a using (var stream = …) block. Web API will dispose the stream for you.

• Make sure that the stream has its current position set to 0 (i.e. the beginning of the stream's data). In the above example, this is a given since you've only just opened the file. However, in other scenarios (such as when you first write some binary data to a MemoryStream), make sure to stream.Seek(0, SeekOrigin.Begin); or set stream.Position = 0;

• With file streams, explicitly specifying FileAccess.Read permission can help prevent access rights issues on web servers; IIS application pool accounts are often given only read / list / execute access rights to the wwwroot.

For Web API 2, you can implement IHttpActionResult. Here's mine:

using System;using System.IO;using System.Net;using System.Net.Http;using System.Net.Http.Headers;using System.Threading;using System.Threading.Tasks;using System.Web;using System.Web.Http;class FileResult : IHttpActionResult{    private readonly string _filePath;    private readonly string _contentType;    public FileResult(string filePath, string contentType = null)    {        if (filePath == null) throw new ArgumentNullException("filePath");        _filePath = filePath;        _contentType = contentType;    }    public Task<HttpResponseMessage> ExecuteAsync(CancellationToken cancellationToken)    {        var response = new HttpResponseMessage(HttpStatusCode.OK)        {            Content = new StreamContent(File.OpenRead(_filePath))        };        var contentType = _contentType ?? MimeMapping.GetMimeMapping(Path.GetExtension(_filePath));        response.Content.Headers.ContentType = new MediaTypeHeaderValue(contentType);        return Task.FromResult(response);    }}

Then something like this in your controller:

[Route("Images/{*imagePath}")]public IHttpActionResult GetImage(string imagePath){    var serverPath = Path.Combine(_rootPath, imagePath);    var fileInfo = new FileInfo(serverPath);    return !fileInfo.Exists        ? (IHttpActionResult) NotFound()        : new FileResult(fileInfo.FullName);}

And here's one way you can tell IIS to ignore requests with an extension so that the request will make it to the controller:

<!-- web.config --><system.webServer>  <modules runAllManagedModulesForAllRequests="true"/>

For those using .NET Core:

You can make use of the IActionResult interface in an API controller method, like so...

    [HttpGet("GetReportData/{year}")]    public async Task<IActionResult> GetReportData(int year)    {        // Render Excel document in memory and return as Byte[]        Byte[] file = await this._reportDao.RenderReportAsExcel(year);        return File(file, "application/vnd.openxmlformats", "fileName.xlsx");    }

This example is simplified, but should get the point across. In .NET Core this process is so much simpler than in previous versions of .NET - i.e. no setting response type, content, headers, etc.

Also, of course the MIME type for the file and the extension will depend on individual needs.

Reference: SO Post Answer by @NKosi