I have a web app where the administrator can create news, pdf documents and other stuff in his cms panel.
The problem is when the admin delete a new or something else the app deletes all the files related to that new, I mean the images, pdfs and other documents. Tha main problem is those files are stored in folders under the "news" folder and when the app deletes them the session is lost.
How can I do to have a file system without losing the session?
I'd like that file system within the app folder...
Impossible for us to store those folders outside the app and we don't want to use StateServer because of the performanne....
Any other solution?
Thanks
Your session is lost becasue IIS recompiles. The easiest solution in my opinion is to store your files outside the wwwroot.
Discussed on SO: ASP.NET restarts when a folder is created, renamed or deleted
[Update]
Example:
Let's stay your app is in c:\inetpub\wwwoot\virtualdir1
You make a work directory:
c:\inetpub\inetwork
Give the proper rights (read/write/etc) to the Asp.net user of your app pool and it should all work like a charm.
More info on setting the rights: What are all the user accounts for IIS/ASP.NET and how do they differ?
Store the path to the workdirectory in your web.config (you no not want to hardcode it)
Having those files within the app folder is a poor desgin. The session is probably lost as you are causing IIS to recycle due to the file system changes. It is much safer to not have your web application able to write to its own folder, doing so is a security risk.
Separate your document folder and web site folder. And give right permission your document folder.
Related
Is it possible to rename/move or delete files from a web application (ASP.Net MVC) that are on a server folder just like how you would do it locally? I would want the user to be able to upload say 30 files (from a scanner auto-feed) into a temporary folder on the server (cannot save it locally due to data security) and then allow the user to be able to rename /move before uploading them onto Azure blob storage.
I saw few examples - jquery file tree seemed good but not sure if it allows rename and moving. Please suggest solutions for working with the server folder. I intend to delete the server folder after I am done transferring files to Azure. TIA.
Yes, you can do this by giving the USER that is running the ASP.Net application (defaults to IUSR) permissions to write to that folder.
Be very careful though, as you're potentially opening your website for abuse when doing this.
See: https://www.iis.net/learn/get-started/planning-for-security/understanding-built-in-user-and-group-accounts-in-iis for how IIS users operate.
I'm having a bit of trouble with an ASP.Net MVC project.
The users can upload images, which are stored with an ID in the database, and the files are then stored in /Files/Images/ID/
Upon deleting the images again, I delete the folder /Files/Images/ID (that's the ID folder being deleted)
However when deleting a folder under the project, the application immediately resets, thereby losing all session and throwing all my users off.
Is there any way to mark a path so ASP.Net doesn't reset upon changes being made to the path ?
It's very simple. Your ASP.NET application should not be performing file write or modify operations within the paths of your ASP.NET application. Use a different path for where you store the uploads.
I have a shared hosting account in which I upload my ASP.NET application. I let the user upload .doc files inside a folder, the problem is I only want logged users to be able to download those files, so I wrote a dispatcher, you give it the id and it reads the file and writes it to the browser, hiding the file location, nevertheless I want to protect the directory where all the files are, so you can only download files using the dispatcher, I tried marking it as a password protected directory, but now ASP.NET can't get access either.
You need to restrict the NTFS permissions on that folder to only allow the user your applicaiton is running as. This might be difficult in a shared host environment...
The ideal solution would be to move the folder outside of the site root but I guess as you are using shared hosting this may not be possible.
One other solution would be to move docs to the App_Data folder which is protected by .NET (see here What is the App_Data folder used for in Visual Studio?)
Our asp.net app writes errors to a text log file in the web sites root folder. This has lead to all sorts of permission problems, different flavors of IIS and windows allow different things by default.
So what I am wondering is there a location somewhere in Windows where all types of users can write a file without any extra permissions that will also work for all IIS and flavors of windows?
I am thinking of the ApplicationData folder, but did this exist in Server 2003 ?
Thanks,
AJ
The easiest solution would be to use the App_Data subfolder of your web application for this. By default it's not viewable from the web, so Internet clients won't be able to read the logs.
Depending on your deployment method, you might have to change the permission to allow write access to this folder (to the user under which your web application is running).
Alternatively, there is a place where every user can write to: It's that user's temporary folder, which you can access through Path.GetTempPath. This, however, does not sound like a suitable location for log files.
You should always first think about wwwroot folder (%systemdrive%\inetpub\wwwroot) because it has the required permission.
The permission you need is to set a full control for IIS_IUSRS
Edit: you can simply give Everyone Full Control (not recommended at all) but this solves most of ntfs permissions issues with IIS
I used iis6, and when i called a function Directory.delete(), the all the session relate this website will be logged out.
and i debugged the website, i found no exception.
any one have ideas on this ?
Thanks in advance!
I assume the directory you are trying to delete is within the website folder.
When you delete a folder inside a website, then asp.net will restart resulting in loss of session state.
To avoid this problem
1) Try to implement out-of-process session state.
OR
2) Move the folder out of web application folder.
If you create, delete or change any directory or files underneath the web application directory while the app is running, ASP.NET unloads the appdomain thinking that the code has changed and needs to be reloaded. This clears all session state, etc. You'll need to move any file/directory create/delete/change stuff to a directory outside the web application directory.