Where Should A Web Application Store Its Persistent Data?
.NET Web Application Programming
Garnet's articles about Web Application Programming For .NET
For some web applications, it's fine to store data in local files on the web
server hard drive. An example where this could be OK is in a document
centric web application, like a wiki. Each page of the wiki could be stored
as a separate file on the hard drive. If the wiki has only a single level
of directory allowed (no subpages), all the pages could be stored in a
single directory. For performance purposes, though, you might want to
consider a custom directory structure that divides the files for the wiki
into multiple subdirectories, for example, by first letter of the file name.
Where should these files be placed? What about security considerations?
Should the directory containing these files go within the web server
directory structure, for example, under the virtual directory for the web
application? FlexWiki, a .NET-based wiki originally written by someone at
Microsoft, takes this approach. Various
subdirectories are created within a directory under the application's
physical directory, and these directories are used to store various separate
wikibases, according to the information in an XML configuration file.
So, for example, the application might store its data at
c:\inetpub\wwwroot\flexwiki\WikiBases, with separate directories such as
MyWiki and Namespaces.Second under there. If you install this on your local
machine, you might access it through a URL like this:
- http://localhost/FlexWiki/default.aspx
Unfortunately, since the data is stored within the application directory, a
URL like this will pull up internal files of the FlexWiki:
http://localhost/FlexWiki/WikiBases/MyWiki/MyWiki.wiki
Oops! Maybe it's not too harmful to see the original text of the wiki
pages, since in this case these files store nothing other than the unparsed
wiki text. But it is a good thing the file didn't have any secret information
like passwords, or unprintable binary control information. Other wikis store
a lot more information in the files that they keep for the pages of the
wiki.
FlexWiki is configured through the web.config custom configuration section
method of .NET application configuration. So if someone changes the default
settings of FlexWiki, it could be hard to guess the directory structure. You
can't see this file, since IIS and .NET guard the web.config files from
access via browser. There is documentation that the web.config files have an
inheritance and override mechanism, but unfortunately, at least on Windows XP
with IIS 5, it doesn't seem to have any effect to try and block access to the
data directory by placing a web.config in the MyWiki subdirectory with a
deny="*" directive. These web.configs are supposed to nest,
but I haven't seen that work.
Another possibility is to use Isolated Storage for .NET applications. .NET
defines it as follows: "Isolated storage is a storage mechanism that
provides isolation and safety by defining standardized ways of associating
code with saved data." Typically, Isolated Storage is keyed to application
and user, so that each user of the application has their own data storage
area. Administrators can set allowable maximums on the size of the data
storage area for users.
Isolated storage is part of the .NET security system that allows each
application to have a unique storage area that is entirely isolated from
other applications. It looks like a mini file system that is accessible only
by that application. From the outside, it is not possible to see what kind
of directories or files have been created. See the System.IO.IsolatedStorage
namespace for more details.
Configuring your web application to find its data is easy:
<configuration>
  <!-- Element names are case-sensitive; backslashes need no escaping in XML -->
  <appSettings>
    <add key="dsn" value="myserver"/>
    <add key="datapath" value="d:\applicationdata\"/>
  </appSettings>
</configuration>
It's easy to read this:
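Imports System.Collections.Specialized ' at the top of the file
' The appSettings section is returned as a NameValueCollection, not a Hashtable
Dim AppSettings As NameValueCollection = CType(Context.GetConfig("appSettings"), NameValueCollection)
Dim DSN As String = AppSettings("dsn")
Dim MyAppDataPath As String = AppSettings("datapath")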
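The following is an added example, not code from this article or from FlexWiki. It shows one way to use the configured datapath so that page files stay out of reach of URLs like the one shown earlier: it refuses a data directory under the application directory and maps each page name to a file in a first-letter subdirectory. The class name WikiStore and its members are hypothetical, and .NET Framework 2.0 or later is assumed.

```vbnet
Imports System
Imports System.IO

' Added example: WikiStore, PagePath and WithSeparator are hypothetical names.
Public Class WikiStore
    Private ReadOnly _dataRoot As String

    ' dataPath: the "datapath" appSettings value.
    ' appRoot:  the application's physical directory (Request.PhysicalApplicationPath).
    Public Sub New(ByVal dataPath As String, ByVal appRoot As String)
        Dim data As String = WithSeparator(Path.GetFullPath(dataPath))
        Dim app As String = WithSeparator(Path.GetFullPath(appRoot))
        ' Refuse a data directory under the application directory,
        ' where the web server could hand the files out by URL.
        If data.StartsWith(app, StringComparison.OrdinalIgnoreCase) Then
            Throw New InvalidOperationException("datapath must be outside the web application directory.")
        End If
        _dataRoot = data
    End Sub

    ' Maps a page name to <dataRoot>\<first letter>\<name>.wiki.
    Public Function PagePath(ByVal pageName As String) As String
        If pageName Is Nothing OrElse pageName.Length = 0 Then
            Throw New ArgumentException("Page name is empty.")
        End If
        ' Single-level wiki: letters and digits only, so no "..", separators or drive letters.
        For Each c As Char In pageName
            If Not Char.IsLetterOrDigit(c) Then
                Throw New ArgumentException("Page name contains an invalid character.")
            End If
        Next
        Dim bucket As String = Char.ToUpperInvariant(pageName.Chars(0)).ToString()
        Dim full As String = Path.GetFullPath(Path.Combine(Path.Combine(_dataRoot, bucket), pageName & ".wiki"))
        ' Defense in depth: the resolved path must still be inside the data root.
        If Not full.StartsWith(_dataRoot, StringComparison.OrdinalIgnoreCase) Then
            Throw New ArgumentException("Page resolves outside the data directory.")
        End If
        Return full
    End Function

    ' Appends a trailing separator so "d:\app" does not match "d:\appdata".
    Private Shared Function WithSeparator(ByVal p As String) As String
        If p.EndsWith(Path.DirectorySeparatorChar.ToString()) Then Return p
        Return p & Path.DirectorySeparatorChar
    End Function
End Class
```

With the configuration above, New WikiStore(MyAppDataPath, Request.PhysicalApplicationPath).PagePath("HomePage") returns d:\applicationdata\H\HomePage.wiki, and a datapath of c:\inetpub\wwwroot\flexwiki\WikiBases is rejected at construction.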