I have a ASP.Net website and in some cases it's generating .pdf-files and .csv files for users to download.
Now my question: What is the default directory for saving that files on the webserver? Is there any ASP.NET Folder like App_... or something like that?
What can you recommend?
If you don't want to reuse the files, stream the files directly without saving it to disk.
If you save it to disk you have to ask yourself if the content of the file is to be available to all users or if it's a bad idea that other users can access the files. If it's a bad idea, the folder you put the files in should be made unavailable to the users by setting access rights correspondingly. You can either do this by putting the folder outside of the web site directory or by setting security settings in the file system or on the web server.
You can basically put the files in any folder that is made writable for the user writing the file (typically the ASP.NET App Pool user). IIRC the App_data folder is writable by default for the ASP.NET user, so that could be a candidate.
You can create your proper folder for this need
Here list of specific Folder (But you don't need):
App_GlobalResources,
App_LocalResources,
App_Resources
App_Themes
App_WebReferences)
App_Code
App_Data
App_Browsers
Here MSDN link about project structure
Link : http://msdn.microsoft.com/en-us/library/ex526337%28v=vs.100%29.aspx
It's really up to you! I would recommend you put them in a sub folder of your solution so that they are self contained and you can easily control security without worrying about folders further down the tree.
Folder is anything you tell it to be. If you have low volume you could just stream the files from memory so they're not stored on the server.
It is also important that you consider whether you are going to have more than one web server, and have servers in a cluster. To be ready for such a case, it is better not to keep the files under the web application folder, and not to access them relatively to the application path, but keep the files in a separate folder that you could easily expose (there will still be security issues) as a network path.
Related
This relates to my previous post.
https://stackoverflow.com/questions/45937117/c-sharp-unbale-to-access-
downloads-folder?noredirect=1#comment78832001_45937117
What I want is to access "Downloads" folder from an ASP.Net web application.
string pathUser =
Environment.GetFolderPath(Environment.SpecialFolder.UserProfile);
string pathDownload = Path.Combine(pathUser, "Downloads");
string commentImagePath =pathDownload +"\\test.png";
Then I realized that the above code works in a Desktop application.
That is the UserProfile is available in that "Environment", but not in the web application's environment.
I have some download happening, and the content will be downloaded to the "Downloads" folder.
That is why I need the "Downloads" folder . I need to access that content.
Please help me with this.
Think that the Downloads folder is different for each user in the system , so you'll get c:\users\usera\downloads and c:\users\userb\downloads. So when you mean Downloads, you actually mean a different physical path.
At the same time, your ASP .NET application, if hosted in IIS will impersonate a specific user, so make sure that user has enough privileges to the path of interest. Also consider that the Downloads folder might be a folder that Windows will protect by default from being accessed across accounts.
I think you'd be better off saving files to a specific folder relative to your root of the website. Otherwise try to map specific folders from your drive as a Virtual Directory in IIS so the site would see it as relative to root, whilst in reality it lives somewhere else.
I have 4 independent ASP websites deployed in IIS server.
I access my website images using relativePath so i have root/path_to_files (something like that).
My problem is i want to access website1 images folder from website2 and so on, web3 access web4 (you get the picture).
I tried absolutePAth but security reasons (not safe) blocked me.
I`m reading the name and path of the repositories from a file.
What can I do, without remaking all or create a central repository(and upload all files there).
EDIT 1: using url is locked but i can unlock.
I can use url to get/list folders and images and use them ? Like resolve a url in a relativePATH to other website?!
Central repository the site is allready in production it will have big impact time/benfit to do that.
Have you considered symbolic links? You can make a shared image folder. Then each folder can see that "image" folder as its own.
In a WebMatrix web site, where User Profiles are dynamically generated from the Database, where and how should I store user uploaded content?
I don't want this content to be publicly viewable unless the user has chosen make their profile, and uploaded content Publicly viewable.
But I can't just shove it all in a separate directory, since all you need to do is guess the location where such content is stored, and then browse the list of files in that dir. So, should I place it outside my \root directory (I don't think this is possible in some Shared hosting environments), or should I somehow insert this content into a database? (I'm trying to avoid this option as best as I can).
For content like Images and Videos, I was thinking that I should use a trusted Storage provider / image host type service where I would have API access used to store and retrieve these files, and then just store a link to the file uploaded to the file storage host in my database?
You could either
Store the extra files along the other user details in the database. (you probably want to discuss this with the db admins before implementing your storage like this)
Put the files on a fileshare your ASP.NET application has access to but that is not accessible from the web.
Turn of directory browsing and put the files there. "everyone" can't browse all files but it does mean that anyone that has a direct link can download that file without being logged in.
I would go with option 2: Put the files in a directory not directly accessible from the web and channel all downloads through your web app so that you control who can download what.
We have two separate web applications for a site: One for the site itself, and one for the cms/administration side. I'm not sure why the original developer designed it this way, but whatever.
I am tasked with adding some functionality to the administration side that uploads files. These files then need to exist within the folder structure of the actual site. I was thinking I might have to write a web service that sits on the actual site that accepts the file bytes and file name from a call within the administration site, and creates the file in the correct folder, but I was wondering if anyone had any ideas about a cleaner way to accomplish the same thing.
In general, how would you tackle a scenario where you upload a file on one site, and send it to the directory structure in another?
Thanks in advance!
The solution I ended up going with is to store the full file path to the other site in the web.config. It's not the most elegant solution, but it works and I'm mildly happy with it since it is easily maintainable across dev/staging/production.
You could create a Windows Service to transfer the uploaded files from one folder to another.
After a file is uploaded on the admin site, the windows service moves the file over to the correct location on the other site. You just need to decide how to communicate with the service - you could add details about the uploaded file to a message queue that the service monitors or perhaps you windows service might just watch the upload folder for any new files.
I'm creating an application that is able to generate xml licenses.
The application is secured by forms authentication.
Now the problem is that if I create a physical xml file that file can be downloaded even with the security enabled.
How would you guys secure this license file?
You could put it in the App_Data folder.
Don't know about asp.net, generally though, I'd just create the file someplace in the filesystem which is not accessible through the web, and if needed, relay it through your application, previously checking authentication...