In which folder can I store user uploaded images - asp.net

I've a classified ads system on ASP.NET/c#/MS SQL, and I'm trying to figure out where to store the images that people upload when placing an ad. The ad itself is being stored in a SQL server database.
The images are now being stored in a subfolder of my webapp. It seems to work fine, however I only recently discovered a big problem. Everytime a user deletes an ad, the attached images are to be deleted as well including the folder they reside in. This leads to a restart of the asp.net application. I searched internet and found that restarting the web-app is actually intended behaviour when a subfolder is being deleted.
Obviously, I need to fix this. But how to do that? Where can I store images in such a way that:
I can remove these images including the folders they are stored in?
I can acces them using a URL (the images need to be shown in the
webpages)
Without getting the web-app being
restarted?
Any feedback is appreciated!
Paul

See this question Deleting a directory results in application restart
An other alternative would be to store the images in the DB instead.

Another option would be to put the images in a directory completely unrelated to the web site then serve the images through a scripted page or handler. It would make all of your image urls look like mydomaincom/serveimage.aspx?imageid=323422, but unless you're counting on the name somewhere that really shouldn't matter much. Obviously it would require a modification to the page that serves the images in the first place as well, but if sub directories of this unrelated directory are deleted IIS really shouldn't care at all.

maybe you can store the images in SQL (check at the filestream feature in this case)
if not, I suppose you have somewhere in a business facade class, a service class or wherever you want, a methode "DeleteAd".
This method will have to do two things :
-delete the sql data
-delete the file image
also, you may change the image store to another folder, outside the web app. You will probably end with writing a custom handler (myhandler.ashx?fileid=XX) to serve the files, or a custom route and control if you use MVC.

Related

ASP.Net Accessing Server Filesystem

I am having trouble accessing information on the server my website it on. As the website was originally programmed with VB.Net, I cannot change the language without having to completely reboot the website. The way the website and server are configured, I can only use ASP.Net and VB.Net.
I am needing to add a section where they can create folders, edit folder names, and upload pictures and text documents on the server through the public website. I tried using parts of the FileIO, Server, and Http that should have worked, but none of them did. Most of my research is about local files and text documents.
I have not been able to find any information that works. Can someone help me? Thank you.
Firstly, creating a virtual directory in ISS mapped to somewhere on your disk would be a good start. This way you have a separate folder for user data in a folder with write access (make sure IIS has write access to the folder!), and the folder is not affected by website deployments.
Secondly, you might need to resolve absolute path for most of the System.IO.File calls. See How to convert a relative path to an absolute path in a Windows application?, just you will need to convert this code to VB.

Where to store images for albums?

I am creating a module of my website where I can display images in "albums", much like facebook.
For storing/grouping images, I planned on having them in the ~/Images folder inside my application's structure. Is this considered bad practice, or will it open up my application to any security vulnerabilities? I read that you shouldn't place things like this in your site structure, but I don't quite understand why (or if this is the same scenario).
Therefore, albums would be grouped as...
~/Images/album1, ~/Images/album2, etc.
Is this an appropriate thing to put inside App_Data, or is there a more 'preferred' location for things such as this?
Sorry if this is a trivial question.
All three of the answers here are good. There is no preferred storage for uploaded images, it's all up to you based on your requirements.
As Henhealg says, don't store them in App_Data. If you put them here, they will not be accessible from the web. For example, the following would not render an image even if the path was correct:
<img src="/App_Data/album1/image1.png" alt="" />
One option is to have your local ~/Albums directory mapped to a different folder accessible to the web server, like sylon says. This keeps the images out of the directory where your MVC app is served from, but "pretends" that they are there. If you control IIS and can set up a file share, this may be an option for you.
Also, like XToro says, storing them in a SQL database is an option. Storing here is flexible because you don't have to worry about folder or file name collisions. Multiple users can each have albums and files with the same names, yet they won't collide because they don't occupy filesystem space the same way normal files do. If security is important to your app (not showing photos or albums to unauthorized users), having them in a SQL table makes this fairly easy.
However if you are not as worried about security or file naming collisions, you can just as easily store them in your MVC app's ~/Images or ~/Albums directory.
Depending on the performance of your server, you may want to consider storing your images into a database using BLOB
https://dev.mysql.com/doc/refman/5.0/en/blob.html
Images can be easily sorted, organized, categorized without the need to worry about folder structures and folder permissions. Simply use your PHP/AJAX/language of your choice to provide the authentication and choose which files you wish to display.
This way, each image can have it's own fields (as many as you want) like the user who posted it, the original filename, a caption, the album it belongs in etc etc
Since you can easily as a user check where the images are stored once the application is in production, where you store the images does not matter as much as what permissions you set to the folder(s) that the images are stored in.
I would use file system as you are saying but store it outside of the application folder as you are saying it is bad practice. I agree with this - when i do deployments I prefer to delete everything and drop in the new code and keep the web.config file that way I always have a clean environment and it is much easier to get started from scratch without having to worry about what I need to back up or bring from previous install.
I would use IIS to map the directory into my solution wherever I desire from a network share storage or whereever you want to safely keep your albums.
e.g. D:\MySafeStorage\Albums\ map to your website's ~\Albums\ when your website is in C:\inetpub\MyWebSite\

Access to dynamic images on server

I'm developing a web application in which users uploads images and I'm keeping the location of the uploaded image path on server. For example:
C:\fix_directory\a8531.jpg
In my page, I want to display this image but I couldn't. I've tried many things but couldn't find a way of doing it.. This directory isn't part of my project because it will be always updated.
What is the effective way of overcoming this problem?
Thank you
You could setup a virtual directory (yourweb.com/images) which points to your images, or even a web (cdn.yourweb.com).
You could also write a HTTP handler or a file handler (.ashx) in ASP.NET to serve your images from that location.
Update
I guess the most effective way of overcoming this problem would be to store the uploaded files simply somewhere in your web directory.
Update 2
I'm definitley sure, the most effective way of overcoming this problem is to have a real IIS or a Visual Studio Development Server and not trying to do anything with the Vista Home Basic pseudo IIS which can do nothing.
The simplest way would be to make fix_directory a virtual directory within your project inside of IIS, and access the images that way.
A more complex approach would be to do something in the lines of pulling in your image via a FileStream, and outputting it to your website via a ResponseStream.
A common way this is achieved is by creating a generic handler (.ashx) that's only responsibility is to output your images.

How should i browse an image file and save at server in asp.net

I have one requirement from client where they want to browse and save their choice Logo image in a website which i am developing.
Really i don't know how it happens and Is there any issue like security i need to consider while implementing this logic?
Please help me to solve
How user (client) will browse image file and where should i store that file in server?
Every indivisual user can browse file of different size and different name; how can i manage at server side so that image appear at right place and in right manner?
Where should i store image corresponding to user id at server; i.e. in database or file?
Is there any security issue/ folder rights when saving file at server?
Please help?
asp.net has a built in file upload control.. that should be all you need
http://msdn.microsoft.com/en-us/library/aa479405.aspx
https://web.archive.org/web/20211020140211/https://www.4guysfromrolla.com/webtech/091201-1.shtml
http://ondotnet.com/pub/a/dotnet/2002/04/01/asp.html
There are also some awesome Third Party controls that have far more power... I happen to like the RadUpload
This is all dealt with the built in controls
Not sure what you're asking in question 2
If images are user specific, then you should store them in some unique file (I personally prefer using the UniqueIdentifier of the UserID in the Membership Provider... It's harder to "crack" than an ID number (depending on how hidden these image need to be)... you could also store in the database if you need to keep the images completely away from the application so that they cannot be accessed outside of you application.
the application needs to have write permissions to the folder that your storing the images in if you choose to store in a folder instead of the database.

ImageUrl trying to display an image outside of project root

I am working with two different web sites in asp.net. In the first project i upload some images to a specific folder under the project root and save just the filename in the database, now i am trying to display this images at some page of the second project I know the filename from the database and the image folder as absolute pat but I have not been able to display the image, even thought when looking in firebug the image src is correct src="D:/MyFolder/image.jpg" the image does not display, probably because it is not pointing in the right directory.
I have also tried using Server.MapPath and then my D location but still no success.
I am sure someone has faced the same situation before and was really hoping to get some hint to manage this.
Thank you in advance
I found my solution, strange but i didn't catch it before. Uploaded pictures under a project can always be accessed using the url of the project http://www.yourwebsite.com/images/photo.png now in the second project you can use reference the images using this url and concatenating the file name which i store on database. I think this is the best solution and without changing the code access security which i think can bring other problems with it. Anyway thank you guys.
If you want to display the image that is not in your project (I mean it is present in some other project or some other drive) just create the virtual directory in IIS
Go to "Run", type inetmgr
Right click on your project and add virtual directory
Give alias name and path so that it acts like folder in your project
I don't think you can serve files outside of your application path by default. It's called Code Access Security. You can read up on it here:
http://msdn.microsoft.com/en-us/library/930b76w0.aspx
You can fix this by changing your trust level to High in your web.config:
http://msdn.microsoft.com/en-us/library/tkscy493.aspx
I wouldn't recommend doing this for any site that is externally accessible. In fact, depending on how/where you're hosting your application, this option may be restricted.
You can only "link" to files that exist relative to the same project or are hosted on another site via an absolute URL.
If you want to service files outside the application/website (on disk or in a database) you will need to build a mechanism that gets the file and binary writes it to the browser, setting the MIME type etc. This is best done using an HttpHandler.

Resources