When creating a new ASP.NET application in Visual Studio, a couple of files and folders are created automatically. One of those folders is called
Also when publishing a website by selecting the menu option
Build->Publish a checkbox is available
Include files from the App_Data folder.
Am I right assuming that the files put in this file and its sub-folders are not going to be accessible through the web? For example, would it be safe to put in that folder resources that I only intend to be used by the application code?
What is the real intended use of the
Thank you for all the answers. From the answers received so far I am interested mostly in two points mentioned:
- App_Data is essentially a storage point for file-based data store
- It should not be viewable by the web and is a place for the web app to store and read data from
Would someone be able specify how the “not viewable by the web” is ensured?
Can I rely on that fact when performing standard deployment, or do I need to check some IIS settings on the server as well.
In the situation when I have a set of pdf files that I want to be accessible only from the application. Would App_Data folder be the right place to use, or should I create a separate folder and manually set IIS to ensure that it is not accessible by Web?
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
App_Data is essentially a storage point for file-based data stores (as opposed to a SQL server database store for example). Some simple sites make use of it for content stored as XML for example, typically where hosting charges for a DB are expensive.
in IIS, highlight the machine, double-click “Request Filtering”, open the “Hidden Segments” tab. “App_Data” is listed there as a restricted folder. Yes i know this thread is really old, but this is still applicable.
The intended use of App_data is to store application data for the web process to acess. It should not be viewable by the web and is a place for the web app to store and read data from.
It’s a place to put an embedded database, such as Sql Server Express, Access, or SQLite.
The App_Data folder is a folder, which your asp.net worker process has files sytem rights too, but isn’t published through the web server.
For example we use it to update a local CSV of a contact us form. If the preferred method of emails fails or any querying of the data source is required, the App_Data files are there.
It’s not ideal, but it it’s a good fall-back.
From the documentation about ASP.NET Web Project Folder Structure in MSDN:
You can keep your Web project’s files in any folder structure that is
convenient for your application. To make it easier to work with your
application, ASP.NET reserves certain file and folder names that you
can use for specific types of content.
App_Data contains application data files including .mdf database files, XML files, and other data store files. The App_Data folder is
used by ASP.NET to store an application’s local database, such as the
database for maintaining membership and role information. For more information, see Introduction to Membership and Understanding Role Management.
The main intention is for keeping your application’s database file(s) in.
And no this will not be accessable from the web by default.
We use it as a temporary storage area for uploaded csv files. Once uploaded, an ajax method processes and deletes the file.
The intended use for App_Data is to store database related file. Usually SQL Server Express .mdf files.