1

In my asp.net application, user can send/upload aspx files & those files can be accessed by the users later(there need to implement code level security as it would be better to run the application with minimal permission). So now I need to store these files & where is the better place to store in it. Shall I create a folder giving low permission inside the current project? or shall I create separate virtual directory like "www.mydomain.com/files" & place in it. I want to prevent the restarting of application domain also.

What is the best option to handle this situation?

ramkumar
  • 269
  • 1
  • 3
  • 10

1 Answers1

1

How much interaction do you need between your application & uploaded aspx files? If no interaction is needed or interaction can be handled via out of process store such as database then I will recommend you have have a separate application (and virtual directory) where these files would be placed. This application should be configured to use different app pool and you use user account with minimal security permissions to run this app pool. Note that being different application, your web application would be completely isolated from this app but it also means you cannot share ASP.NET session/app state but you need to resort to say database to share the data.

VinayC
  • 47,395
  • 5
  • 59
  • 72
  • No interaction is needed between my application & the uploaded aspx files(will only contain some calculation logic). – ramkumar Feb 04 '11 at 04:12
  • @user303218, in that case, it would be best if you can run these pages on different app pool (meaning you will need different virtual directory & web application - the directory path may lie under your website such as www.contoso.com\userfiles) – VinayC Feb 04 '11 at 04:15