I have an application with 2 directories (books and export).
If we create a book or a page of a book in the application a directory is added with the id of the page (this is for uploading resources).
If we delete a page, the page (and it's directory) is removed from the database and the filesystem.
However this resulted in a session loss (even an application restart). I've looked up some thing on google and found the following link.
It seems to be a problem in ASP.NET 2.0 (and 3.5).
We are now thinking about writing a service that will clean up the directories at night.
But there has got to be another solution for this no?
Oh and putting the directory outside the virtual directory is not an option.
Try disabling the monitoring of File System. This will prevent your session alive.
This article may be usefull for you.
Oh and putting the directory outside
the virtual directory is not an
option.
Putting the directory outside the virtual directory is the only solution I found (so far). What you can do, is to create a link (junction) in the file system so that the directory appears to be inside the virtual directory, e.g:
Our web site (virtual directory) is located at C:\projectX\website
the data directory (where we create/delete files and folders) is located at C:\projectX\data
then we create a link which makes the data folder available as C:\projectX\website\data
The link is created using the program Linkd.exe (available in the windows resource kit), with the following command:
linkd c:\projectX\website\data c:\projectX\data
Now c:\projectX\website\data is a link/junction which points to the real data directory. You can work with the link as if it were a physical directory.
E.g. in your web site you can access it using this code:
Server.MapPath("~/data")
And you can also used the windows file explorer and browse to C:\projectX\website\data. It appears just like a real directory.
There seems to be a supported hotfix which achieves the same as the article Sachin mentioned (turn off the file change notifications in a web site).
Check this article in the microsoft KB for more information.
But since you mentioned in a comment, that you do not have access to the server, I guess this will also not help in your case.
For storing data files that are frequently updated, created and deleted you need to use App_Data folder in the root of the web site. MSDN for App_Data folder states:
Contains application data files
including MDF files, XML files, as
well as other data store files. The
App_Data folder is used by ASP.NET 2.0
to store an application's local
database, which can be used for
maintaining membership and role
information.
Also check Q&A section for App_Data folder usage: App_Data folder question
I had the same problem. The solution is to externalize the session handling by using the ASP.Net State service. The only draw back is that every object you place in the session needs to be serializable, as it is transferred to the state service and back.
I currently do not have the possibility to provide further links, but google will help you, now that you know what to search for.
Related
I am having trouble accessing information on the server my website it on. As the website was originally programmed with VB.Net, I cannot change the language without having to completely reboot the website. The way the website and server are configured, I can only use ASP.Net and VB.Net.
I am needing to add a section where they can create folders, edit folder names, and upload pictures and text documents on the server through the public website. I tried using parts of the FileIO, Server, and Http that should have worked, but none of them did. Most of my research is about local files and text documents.
I have not been able to find any information that works. Can someone help me? Thank you.
Firstly, creating a virtual directory in ISS mapped to somewhere on your disk would be a good start. This way you have a separate folder for user data in a folder with write access (make sure IIS has write access to the folder!), and the folder is not affected by website deployments.
Secondly, you might need to resolve absolute path for most of the System.IO.File calls. See How to convert a relative path to an absolute path in a Windows application?, just you will need to convert this code to VB.
I have an asp.net website that create some xml files on the fly. I succeed to run this on my pc. but when I upload the project to the hosting (Godaddy) the file xml files can't be created. I already fixed the permission to the destination folder, but nothing change. still can't create the xml files.
Are there any solutions to my problem ? thanks
I think the problem is trust level.GoDaddy's trust level medium.Thus you can not create xml file due to security reasons.You should find another hosting company which allow full trust level.
I've had a very frustrating experience on putting an MVC 5 app on Azure. I have been reading the following page: http://www.asp.net/identity/overview/features-api/best-practices-for-deploying-passwords-and-other-sensitive-data-to-aspnet-and-azure
But what I haven't managed to put in my head is the following:
Security Warning: Do not add your secrets .config file to your project or check it into source control. By default, Visual Studio sets the Build Action to Content, which means the file is deployed. For more information see Why don't all of the files in my project folder get deployed? Although you can use any extension for the secrets .config file, it's best to keep it .config, as config files are not served by IIS. Notice also that the AppSettingsSecrets.config file is two directory levels up from the web.config file, so it's completely out of the solution directory. By moving the file out of the solution directory, "git add *" won't add it to your repository.
And:
Security Warning: Unlike the AppSettingsSecrets.config file, the external connection strings file must be in the same directory as the root web.config file, so you'll have to take precautions to ensure you don't check it into your source repository.
The problem is the following: When I upload the Web.config file with the external files without being included I get hit by "The System cannot find the file specified", so for it to go away I must include the .config files defeating the purpose of Microsoft's post.
I really really really do not understand. I have added the connectionStrings and appSetting's keys in Azure's portal. What is the correct and secured way of putting my passwords and secrets online? What am I missing? Is it because I'm running in Debug mode?
According to this:
How can I secure passwords stored inside web.config?
There is nothing to worry about accessing the Web.config file...
But that just defies Microsoft's post.
Thanks.
I find the following technique to be the easiest way to do this.
Instead of putting the deployment values of these settings into the web.config, I keep the test values in there instead. I then put the deployment values into the Application Settings section of the Azure Website via the Azure Portal:
When the website runs, these settings will take precedence over what is in the web.config. This helps me avoid externalized files, allows me to keep sane development configuration that the team can share, and makes deployment very easy.
The best way is to set your secrets in the Connection Strings section of the portal. Any values set there will override values you specify in your web.config file.
This way they are only exposed to people who have admin access over the site itself. Having full access to the source won't even be enough to get the secret values.
More details here
I know that there at least two approaches to leverage the web.config file:
using the configSource attribute which was introduced in .NET 2.0 - here is a good blog entry about it.
The file attribute of the appSettings tag which lets you point to an external file with a relative path. Described in the MSDN documentation on the appSettings element.
Now, my problem is that both approaches work well only for physical paths. But I need to address a config file which is in a virtual directory.
Which other method could I use to put my config resources in a virtual directory?
Note: I want to do it this way, because I have multiple instances of my web application on the same server (and that on many servers). To keep deployment easy and clean, I want to keep one directory for all the files (aspx, ascx, images, css, js etc.) and point the web apps in IIS for different customers (=domains, https etc.) to this single directory. In every IIS web I would have a virtual directory called "custom" which points to a different folder for each web.
Update: I'd like to point out that this virtual directory "custom" is not suited to contain an inherited web.config - that web.config would be valid only for the custom folder which doesn't contain aspx/ascx files.
I have the same scenario and after reading you post I realised that asp.net won't let you do this for various security reasons.
Therefore I turned to the OS to find an equivalent to the Linux soft link function which in turn led me to the Junction utility from sysinternals. This can create a directory that is actually any other directory on that volume and asp.net can't tell the difference and so happy loads the config sections that are not actually in a subdirectory of you website. Works for me :)
Virtual Directories can be set as applications, and you can just place another web.config there.
It will inherit any changes from the parent config, and you can add custom settings in it.
I was looking to do the same thing but it did not work, so I decided to do the opposite, as you know the web.config can be inherited, so I pointed IIS to a folder containing the client config (connection string, file path etc) files and the website files i put them on a virtual directory with the rest of the webconfig (where it load dll and other application files needed)
So basically i can use the website files to multple clients and the clients with their own Database connection string and other specific client settings.
I have a ASP.NET application that we've written our own logging module for.
My question is, where is the standard place to write a log file to? I.e. the website will be running as the anonymous user identity (e.g. IUSR on IIS7) and I need a place where I know it'll have permission to write to.
Cheers,
App_Data folder on the root of the project. It isn't served to web requests; so other people can't snoop for it.
I would suggest putting the log file onto a seperate disk, though should give you a little performance gain so that your not trying to both read and write to the same disk as the website. If you cannot put the log file on a seperate disk, then I would simply choose a folder of your choice.
In any case, you will have to give the "Network Service" account "Modify" permissions to the desired folder.
If on the other hand, you have access to a databse, then log the information there. It will be much quicker than accessing the hard drive and won't be publically available. You'll also be able to report from the data quite easily.
I'm not in a position to modify the permissions on folders (especially outside of the virtual directory home folder), and don't already have an App_Data folder, so am a bit hesitant to go with that.
So for the moment I'm going with the CommonApplicationData Folder.
On Vista/Server 2008 this is C:\ProgramData\
On XP/Server 2003 this is C:\Documents and Settings\All Users\Application Data\
I'm not in a position to modify the permissions on folders (especially outside of the virtual directory home folder), and don't already have an App_Data folder, so am a bit hesitant to go with that.
If you have a website, you clearly have a folder somewhere. Can you not add a (non-web-facing) subfolder? It seems like that would be a more appropriate place to put your logs than dumping them into a global, shared folder.
You could also log to the Windows Event log or to a table in a database. How often are people looking at the event log? If it's being examined on a regualr basis, writing to a table amkes the reporting back much easier as it's trivial to reverse the order and only show the last X events for the current time period. The Windows Event log you can also query the Windows Event Log through PowerShell or with LogParser.
Push the app_data is the best idea, just bear in mind, when the publishing the projects, if the option "Delete all existing files before publishing" is ticked, then the current data in the folder will be gone. The workaround is to skip the deletion of app_data folder.
Another option to do logging is to use some existing framework such as Log4net.