Exposing private entities for non logged in visitors


I'd like to have some expertise here of you guys.
I'm working on a sort of 'vault' where members can generate a secure link for an entity to show them to non-members.
I have my own authentication (sms, one time access). the token in the link they got, get saved together with their session id if their sms authentications comes back as a success.

At this moment I did it by using a pagehandler (https://domain/vault/guid?token) this page handler checks if the user is authenticated and if he is, it ignores access, shows the entity and sets access back.

This however is a bit difficult, because it shows them the entity as they were there own, and what I really want to do it to show the entity as if they were public.
Does anyone knows any other options I can try?

Thanks in advance for opinions :)