I'm using the App_Data folder for uploaded images.
This is because each image is given an ID in the database, and stored in several formats.
I therefore create a directory with the ID as its name, and put all the formats inside it, like this:
App_Data/1/original.jpg
App_Data/1/thumbnail.jpg
And so forth.
This is done because I can delete the directory "1" without causing an application restart.
However I still want to show these images on my site, and App_Data cannot be read by default.
Is there any way to grant read access to this folder?
Until now I've been using a generic handler to serve the images, but that's quite an overhead.
I need to store pdf files that will keep increasing with time in a folder for my app. But I'm not sure which method is considered 'good practice': whether I should store them in a folder within the project architecture (i.e. inside the Content folder) or in a folder outside the app. I tried searching online but most people just mention 'File System' and don't give examples of where they store it.
So my question is, when people mention storing files on the File System, do they usually mean storing it in a folder inside the app (like Content folder) or do they mean storing it in a folder outside the app?
For example: let's say my app's folders/files are within the container folder: /Container/AppFolder/. Should I store the pdf files in the app's Content folder (i.e. /Container/AppFolder/Content) or should I create a new folder OUTSIDE the app's folders to hold these pdf files (i.e. /Container/PDFFiles, so basically two folders within the container folder - one folder for the pdf files and the other folder for the app)? Which one is considered good practice? I have considered just putting these files in the Content folder, but as the number of files keeps increasing I'm not sure if it is bad practice.
Thanks in advance.
You can put it wherever you want on the server; the program will just need proper permissions to that location (I use the IO namespace). However, you should put thought into how to organize the files and folders. Is each file to be tied to a specific ID or just all in 1 folder? Think of things you'll need to handle like invalid file names (special characters), duplicate file names etc. Is the location strictly 1 way (upload only)? Or are you enabling download functionality? If you have download functionality, stress security, probably creating a download.aspx page specifically for handling download requests and authentication.
In my asp.net website, users can upload multiple files, which reside in 'upload' folder on server's hard drive. I am saving the files by renaming them with username + original file name
Example : if I upload file 'user.text' and my code is 1000, then the file will be saved in upload folder with name '1000_user.Text'. This is for identification of file against a particular user.
Now, when admin logs in application and selects a user, he should be able to see all files uploaded by him/her. Files should be in downloadable format to him.
How can I achieve the same? I have totally no idea how to go about it.
This is not how you ask a question on SO. Anyway already a piece of advice :
Store your files OUTSIDE of the webroot, and use a script in your website to get the files and render it to the user. This is for security reason : if someone manages to upload a malicious file, you don't want him to be able to execute it from the web.
Store file info and upload info in a database : who uploaded what and when ? Relying on file name isn't a good idea. You could also store the file in the database eventually (as a BLOB), but I prefer the good old filesystem
I can suggest a couple of ways based on feasibility. Approach 1 - If you can make database changes, when the user is uploading a file you should save a dynamically generated filename against the user in the database. This way, when the admin logs in and wants to see all the files uploaded by a user, you just need to make a database query and show them in a grid. When the admin clicks on the file name, you can fetch the file from the hard disk and allow the admin to download it.
If a database change is not feasible, your task will be more difficult. You will have to search your directory for the username in all the file names. You can make use of LINQ to make this task a little easier. Once you have got the whole list, show it to the admin.
I would recommend you save metadata about the file in the database (like original file name and username). Then you could use this metadata to find the files that the user has uploaded. Give the files a file name on disk that is based on a unique ID in the database table. That way a user can upload several files with the same name. Make sure that this folder is not located within your application so that they are accessible with a url for security reasons.
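The naming advice in the answers above, as an added C# example that is not part of the original thread: the upload is written under a generated ID in a directory outside the site, and the client's file name is kept only as metadata. `UploadRecord`, `UploadStore`, the extension allow-list and the temp-directory root are assumptions, and the dictionary stands in for the database table.

```csharp
using System;
using System.Collections.Generic;
using System.IO;

// Added illustration: UploadRecord, UploadStore and the storage root are hypothetical.
public sealed class UploadRecord
{
    public Guid Id;
    public string Owner;
    public string OriginalName;   // metadata only, never used as a path
    public string Extension;
}

public static class UploadStore
{
    // Extensions the application agrees to store (assumption for this example).
    static readonly HashSet<string> Allowed =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { ".jpg", ".png", ".pdf" };

    // Stand-in for the database table holding the metadata.
    public static readonly Dictionary<Guid, UploadRecord> Table = new Dictionary<Guid, UploadRecord>();

    public static UploadRecord Save(string root, string owner, string clientName, Stream content)
    {
        // Keep only the last path segment of whatever the client sent.
        string original = Path.GetFileName(clientName ?? "");
        string ext = Path.GetExtension(original);
        if (!Allowed.Contains(ext))
            throw new InvalidOperationException("File type not accepted.");

        var rec = new UploadRecord { Id = Guid.NewGuid(), Owner = owner,
                                     OriginalName = original, Extension = ext.ToLowerInvariant() };
        // The name on disk comes from the generated ID, so client input never reaches the path.
        string path = Path.Combine(root, rec.Id.ToString("N") + rec.Extension);
        using (var file = new FileStream(path, FileMode.CreateNew, FileAccess.Write))
            content.CopyTo(file);
        Table[rec.Id] = rec;
        return rec;
    }

    public static void Main()
    {
        string root = Path.Combine(Path.GetTempPath(), "upload-demo");   // constructed location
        Directory.CreateDirectory(root);
        // Constructed uploads: same client-side name twice, once with a traversal prefix.
        foreach (var name in new[] { "user.pdf", @"..\..\user.pdf" })
            Console.WriteLine(Save(root, "1000", name, new MemoryStream(new byte[] { 1, 2, 3 })).Id);
    }
}
```

Listing one user's files then becomes a lookup on `Owner` in the metadata rather than a scan of file names on disk.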
The most recommended way to achieve this is to use a database. It is the same as a Gallery module where a user has albums and some pictures in albums. The admin can view each user's album and the pictures in the album. You have to introduce two tables in your database: one having the category information of files being uploaded (master table) and the other table having the info about the files themselves (details table).
The other way is to create a hierarchical folder directory for each user for file categories in your application and then recursively read the directories and files and then list them up to show them to application users. This would be costly, I guess, when the number of files increases.
I am creating a module of my website where I can display images in "albums", much like facebook.
For storing/grouping images, I planned on having them in the ~/Images folder inside my application's structure. Is this considered bad practice, or will it open up my application to any security vulnerabilities? I read that you shouldn't place things like this in your site structure, but I don't quite understand why (or if this is the same scenario).
Therefore, albums would be grouped as...
~/Images/album1, ~/Images/album2, etc.
Is this an appropriate thing to put inside App_Data, or is there a more 'preferred' location for things such as this?
Sorry if this is a trivial question.
All three of the answers here are good. There is no preferred storage for uploaded images, it's all up to you based on your requirements.
As Henhealg says, don't store them in App_Data. If you put them here, they will not be accessible from the web. For example, the following would not render an image even if the path was correct:
<img src="/App_Data/album1/image1.png" alt="" />
One option is to have your local ~/Albums directory mapped to a different folder accessible to the web server, like sylon says. This keeps the images out of the directory where your MVC app is served from, but "pretends" that they are there. If you control IIS and can set up a file share, this may be an option for you.
Also, like XToro says, storing them in a SQL database is an option. Storing here is flexible because you don't have to worry about folder or file name collisions. Multiple users can each have albums and files with the same names, yet they won't collide because they don't occupy filesystem space the same way normal files do. If security is important to your app (not showing photos or albums to unauthorized users), having them in a SQL table makes this fairly easy.
However if you are not as worried about security or file naming collisions, you can just as easily store them in your MVC app's ~/Images or ~/Albums directory.
Depending on the performance of your server, you may want to consider storing your images into a database using BLOB
https://dev.mysql.com/doc/refman/5.0/en/blob.html
Images can be easily sorted, organized, categorized without the need to worry about folder structures and folder permissions. Simply use your PHP/AJAX/language of your choice to provide the authentication and choose which files you wish to display.
This way, each image can have its own fields (as many as you want) like the user who posted it, the original filename, a caption, the album it belongs in, etc.
Since you can easily as a user check where the images are stored once the application is in production, where you store the images does not matter as much as what permissions you set to the folder(s) that the images are stored in.
I would use the file system as you are saying, but store it outside of the application folder, as you are saying it is bad practice. I agree with this - when I do deployments I prefer to delete everything and drop in the new code and keep the web.config file. That way I always have a clean environment and it is much easier to get started from scratch without having to worry about what I need to back up or bring from the previous install.
I would use IIS to map the directory into my solution wherever I desire from a network share storage or wherever you want to safely keep your albums.
e.g. D:\MySafeStorage\Albums\ map to your website's ~\Albums\ when your website is in C:\inetpub\MyWebSite\
I've a classified ads system on ASP.NET/c#/MS SQL, and I'm trying to figure out where to store the images that people upload when placing an ad. The ad itself is being stored in a SQL server database.
The images are now being stored in a subfolder of my webapp. It seems to work fine; however, I only recently discovered a big problem. Every time a user deletes an ad, the attached images are to be deleted as well, including the folder they reside in. This leads to a restart of the asp.net application. I searched the internet and found that restarting the web-app is actually intended behaviour when a subfolder is being deleted.
Obviously, I need to fix this. But how to do that? Where can I store images in such a way that:
- I can remove these images including the folders they are stored in?
- I can access them using a URL (the images need to be shown in the webpages)
- Without getting the web-app being restarted?
Any feedback is appreciated!
Paul
See this question Deleting a directory results in application restart
Another alternative would be to store the images in the DB instead.
Another option would be to put the images in a directory completely unrelated to the web site then serve the images through a scripted page or handler. It would make all of your image urls look like mydomaincom/serveimage.aspx?imageid=323422, but unless you're counting on the name somewhere that really shouldn't matter much. Obviously it would require a modification to the page that serves the images in the first place as well, but if sub directories of this unrelated directory are deleted IIS really shouldn't care at all.
Maybe you can store the images in SQL (check out the filestream feature in this case).
If not, I suppose you have somewhere in a business facade class, a service class or wherever you want, a method "DeleteAd".
This method will have to do two things:
- delete the sql data
- delete the image file
Also, you may change the image store to another folder, outside the web app. You will probably end up writing a custom handler (myhandler.ashx?fileid=XX) to serve the files, or a custom route and controller if you use MVC.
I have a scenario where a user will have access to a one-time-url.
When the user clicks on the URL, specific files will be available to that user.
I have many files on the site but would only like certain files to be accessible by that user.
I have thought about generating an authenticated cookie and using forms based auth and applying permissions to a certain folder, but I need authorization on individual files, and the files will constantly be changing.
What would be the best way to give a user only access to specific files? (I won't display the other files, but I still do not want other files available if they are typed in the URL)
I would create an .ashx (handler file) and have that serve the files to the user (load into memory and then write the contents out by pushing the file to the content stream). That way the end user never has permissions to the actual files on the system but can still access them. Your code can then control when and how long each file is available to a user.
I would provide an abstraction around the actual file retrieval. That way the user never sees file name. Something like www.example.com/File.aspx?id=SOMERANDOMGUID
That RANDOMGUID could reference a file in the back end.
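The handler approach from the two answers above, as an added C# example that is not part of the original thread: an ASP.NET generic handler resolves the random GUID from the URL to a stored file, checks the requesting user and an expiry time, and streams the file from outside the site directory. `FileGrant`, `FileHandler`, `Grants` and `StorageRoot` are assumptions, and the dictionary stands in for a database table.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Web;
// Added illustration: FileGrant, FileHandler, Grants and StorageRoot are hypothetical.
public sealed class FileGrant
{
    public string UserName;     // who may fetch the file
    public string StoredName;   // server-generated name on disk
    public DateTime ExpiresUtc; // after this the link stops working
}

public class FileHandler : IHttpHandler
{
    const string StorageRoot = @"D:\MySafeStorage\Files\";   // assumed, outside the site directory
    // Stand-in for a database table keyed by the random GUID in the URL.
    public static readonly Dictionary<Guid, FileGrant> Grants = new Dictionary<Guid, FileGrant>();
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        Guid id;
        FileGrant grant;
        // Malformed, unknown, expired and foreign ids all get the same 404,
        // so a response never reveals which ids exist.
        if (context.User == null || !context.User.Identity.IsAuthenticated
            || !Guid.TryParse(context.Request.QueryString["id"], out id)
            || !Grants.TryGetValue(id, out grant)
            || grant.ExpiresUtc < DateTime.UtcNow
            || !string.Equals(grant.UserName, context.User.Identity.Name, StringComparison.OrdinalIgnoreCase))
        {
            context.Response.StatusCode = 404;
            return;
        }

        // Build the path from the stored name only and confirm it stays under the root.
        string full = Path.GetFullPath(Path.Combine(StorageRoot, grant.StoredName));
        if (!full.StartsWith(StorageRoot, StringComparison.OrdinalIgnoreCase) || !File.Exists(full))
        {
            context.Response.StatusCode = 404;
            return;
        }

        context.Response.ContentType = "application/octet-stream";
        context.Response.AddHeader("Content-Disposition", "attachment");
        context.Response.AddHeader("X-Content-Type-Options", "nosniff");
        context.Response.TransmitFile(full);
    }
}
```

For a strictly one-time link, the grant would also be removed from the table once the file has been sent.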
If you have lots of disk space, one way to accomplish this is to copy the files to a randomly-generated folder, so that the URL to a user's files is unique for each user.
I think it would be easier if your files are associated with an ID and the path is kept in the database. This way you can pull the files using the ID.