Where Should Data Be Stored For A .NET Web Application

Featured: Featured Stories | Picture Gallery

State Of Virginia | State Of Hawaii

Chat11.com Web Bible11.com MyBibleCenter.com

Java Programming For The Absolute Beginner Programming .NET Components

Where Should A Web Application Store It's Persistent Data?

.NET Web Application Programming

Subjects > Computers > Software > Programming > Web Application Programming For .NET
By Garnet

For some web applications, it's fine to store data in local files on the web server hard drive. An example where this could be OK is in a document centric web application, like a wiki. Each page of the wiki could be stored as a separate file on the hard drive. If the wiki has only a single level of directory allowed (no subpages), all the pages could be stored in a single directory. For performance purposes, though, you might want to consider a custom directory structure that divides the files for the wiki into multiple subdirectories, for example, by first letter of the file name.

Where should these files be placed? What about security considerations? Should the directory containing these files go within the web server directory structure, for example, under the virtual directory for the web application? FlexWiki?Create, a .NET based wiki originally written by someone at Microsoft takes this approach. Various subdirectories are created within a directory under the application's physical directory, and these directories are used to store various separate wikibases, according to the information in an XML configuration file.

So for example, the application might store it's data at c:\inetpub\wwwroot\flexwiki\WikiBases?Create with separate directories such as MyWiki?Create, and Namespaces.Second, under there. If you install this on your local machine, you might access it through a URL like this: http://localhost/FlexWiki/default.aspx

Unfortunately, since the data is stored within the application directory, a URL like this will pull up internal files of the FlexWiki?Create:

     http://localhost/FlexWiki/WikiBases/MyWiki/MyWiki.wiki

ooops! Maybe it's not too harmful to see the original text of the wiki pages, since in this case these files store nothing other than the unparsed wiki text. But it is good thing the file didn't have any secret information like passwords, or unprintable binary control information. Other wikis store a lot more information in the files that they keep for the pages of the wiki.

FlexWik?Create is configured through the web.config custom configuration section method of .NET application configuration. So if someone changes the default settings of FlexWiki?Create, it could be hard to guess the directory structure. You can't see this file, since IIS and .NET guard the web.config files from access via browser. There is documentation that the web.config files have an inheritance and override mechanism, but unfortunately, at least on Windows XP with IIS 5, it doesn't seem to have any effect to try and block access to the data directory by placing a web.config in the MyWiki?Create subdirectory with an deny="*" directive. These web.configs are supposed to nest, but I haven't seen that work.

Another possibility is to use Isolated Storage for .NET applications. .NET defines isolated storage as "Isolated storage is a storage mechanism that provides isolation and safety by defining standardized ways of associating code with saved data." Typically, Isolated Storage is keyed to application and user, so that each user of the application has their own data storage area. Administrators can set allowable maximums on the size of the data storage area for users.

Isolated storage is part of the .NET security system that allows each application to have a unique storage area that is entirely isolated from other applications. It looks like a mini file system that is accessible only by that application. From the outside, it is not possible to see what kind of directories or files have been created. See the System.IO.IsolatedStorage?Create namespace for more details.

Configuring your web application to find it's data is easy:

  <configuration>
    <appSettings>
        <add key="dsn" value="myserver"/>
        <add key="datapath" value="d:\applicationdata\"/>
    </appSettings>
  </configuration>

NOTE: The appSettings tag is case sensitive. If you use appsettings instead, you'll get this error from the .NET framework:

   Parser Error Message: Unrecognized configuration section 'appsettings'

It's easy to read this:

  Dim AppSettings?Create as Hashtable = Context.GetConfig?Create("appsettings")
  Dim DSN as String = AppSettings?Create("dsn")
  Dim MyAppDataPath?Create as String = AppSettings?Create("datapath")

It's even easier to read the datapath from C#:

  string MyAppDataPath?Create= System.Configuration.ConfigurationSettings?Create.AppSettings?Create["datapath"];	

Some google queries I tried:

• .net "web application" "data storage"
  • http://support.microsoft.com/default.aspx?scid=kb;en-us;309018 Store Data in Application Score with VB.NET (Q309018)
    • Shows how to store application-wide data through the Application, Cache, and AppSettings?Create objects. Not really suitable for persistent data like the pages of a wiki.
    • Note that if you modify either the Global.asax or the Web.config file (even with Notepad), the Web application is restarted. This purges all data that is stored in memory, such as application and cache data, as well as session data if it is stored in memory (that is, if you are using InProc?Create session state mode).
  • Storing application settings: http://www.dotnet101.com/articles/art018_AppSettinsInConfig.asp
  • Course 2310 - http://www.microsoft.com/traincert/syllabi/2310BFinal.asp - ASP.NET and VB.NET course. Looks like the information covered in 70-305 and 70-315 MCAD/MCSD exams. No direct answer to the question here.
  • http://www.411asp.net/home/tutorial/howto/datastor - Covers various problems such as Data Storage Layer with SQL, letting Web application know it's execution context,
    • http://authors.aspalliance.com/wisemonk/view.aspx?id=mc03 - Where To Store Your Data. Very lightweight and superficial article. Some recommended places include:
      • Microsoft Access - Pro: It's easy, and you get SQL code that you can modify. Con: It's isn't designed for heavy use, can't handle huge amounts of data, and is not very stable.
      • SQL Server 2000 - the database server, professional quality, good performance, and transaction logs. Con: Administration almost requires an MCDBA.
      • XML - Very flexible way to format a text file. This is it's problem too, since it is not secure. There is also no visual editor. Great for transfering data.
  • Isolated storage: http://www.informit.com/articles/article.asp?p=101625&redir=1
• .net "web application" "data storage" "file system"
• "where should a web application store its data" - No results

See also:

• Protecting .Net Applications

Could not find Programming/BottomAd1?Create

Programming Interviews Exposed - How To Get A Programming Job How To Get A Programming Job Garnet Recommends: Writing Solid Code - Learn Microsoft's Techniques For Developing Bug Free Programs

Search for books about:

Bobsgear - Get A Free Enterrpise Wiki Space!
Review: The Bobsgear Project was started to develop a variety of Confluence plugins. This installation of the Confluence Enterprise wiki includes flexible attachments, many Confluence plugins, personal blogs, interesting articles, and more. Bobsgear already has spaces related to politics, art and photography wiki, technical issues wiki, ediscovery wiki, health, Christian theology and Sabbath School wiki, the bible, book reviews, and quotations. Bobsgear allows free signup, and invites anyone to create a free hosted Confluence wiki space.

NEW USERS CLICK HERE! for a quick introduction to Wiki.

Elapsed:0