SyntaxFix

[asp.net] What is the App_Data folder used for in Visual Studio?

When creating a new ASP.NET application in Visual Studio, a couple of files and folders are created automatically. One of those folders is called App_Data.

Also when publishing a website by selecting the menu option Build->Publish a checkbox is available Include files from the App_Data folder.

Am I right assuming that the files put in this file and its sub-folders are not going to be accessible through the web? For example, would it be safe to put in that folder resources that I only intend to be used by the application code?

What is the real intended use of the App_Data folder?

EDIT:

Thank you for all the answers. From the answers received so far I am interested mostly in two points mentioned:

  1. App_Data is essentially a storage point for file-based data store
  2. It should not be viewable by the web and is a place for the web app to store and read data from

Would someone be able specify how the "not viewable by the web" is ensured? Can I rely on that fact when performing standard deployment, or do I need to check some IIS settings on the server as well.

In the situation when I have a set of pdf files that I want to be accessible only from the application. Would App_Data folder be the right place to use, or should I create a separate folder and manually set IIS to ensure that it is not accessible by Web?

This question is related to asp.net .net visual-studio security app-data

The answer is

in IIS, highlight the machine, double-click "Request Filtering", open the "Hidden Segments" tab. "App_Data" is listed there as a restricted folder. Yes i know this thread is really old, but this is still applicable.

It's a place to put an embedded database, such as Sql Server Express, Access, or SQLite.

We use it as a temporary storage area for uploaded csv files. Once uploaded, an ajax method processes and deletes the file.

From the documentation about ASP.NET Web Project Folder Structure in MSDN:

You can keep your Web project's files in any folder structure that is convenient for your application. To make it easier to work with your application, ASP.NET reserves certain file and folder names that you can use for specific types of content.

App_Data contains application data files including .mdf database files, XML files, and other data store files. The App_Data folder is used by ASP.NET to store an application's local database, such as the database for maintaining membership and role information. For more information, see Introduction to Membership and Understanding Role Management.

The App_Data folder is a folder, which your asp.net worker process has files sytem rights too, but isn't published through the web server.

For example we use it to update a local CSV of a contact us form. If the preferred method of emails fails or any querying of the data source is required, the App_Data files are there.

It's not ideal, but it it's a good fall-back.

The intended use for App_Data is to store database related file. Usually SQL Server Express .mdf files.

The main intention is for keeping your application's database file(s) in.

And no this will not be accessable from the web by default.

The intended use of App_data is to store application data for the web process to acess. It should not be viewable by the web and is a place for the web app to store and read data from.

Source: Stackoverflow.com

Examples related to asp.net

RegisterStartupScript from code behind not working when Update Panel is used You must add a reference to assembly 'netstandard, Version=2.0.0.0 No authenticationScheme was specified, and there was no DefaultChallengeScheme found with default authentification and custom authorization How to use log4net in Asp.net core 2.0 Visual Studio 2017 error: Unable to start program, An operation is not legal in the current state How to create roles in ASP.NET Core and assign them to users? How to handle Uncaught (in promise) DOMException: The play() request was interrupted by a call to pause() ASP.NET Core Web API Authentication Could not load file or assembly 'CrystalDecisions.ReportAppServer.CommLayer, Version=13.0.2000.0 WebForms UnobtrusiveValidationMode requires a ScriptResourceMapping for jquery

Examples related to .net

You must add a reference to assembly 'netstandard, Version=2.0.0.0 How to use Bootstrap 4 in ASP.NET Core No authenticationScheme was specified, and there was no DefaultChallengeScheme found with default authentification and custom authorization .net Core 2.0 - Package was restored using .NetFramework 4.6.1 instead of target framework .netCore 2.0. The package may not be fully compatible Update .NET web service to use TLS 1.2 EF Core add-migration Build Failed What is the difference between .NET Core and .NET Standard Class Library project types? Visual Studio 2017 - Could not load file or assembly 'System.Runtime, Version=4.1.0.0' or one of its dependencies Nuget connection attempt failed "Unable to load the service index for source" Token based authentication in Web API without any user interface

Examples related to visual-studio

VS 2017 Git Local Commit DB.lock error on every commit How to remove an unpushed outgoing commit in Visual Studio? How to download Visual Studio Community Edition 2015 (not 2017) Cannot open include file: 'stdio.h' - Visual Studio Community 2017 - C++ Error How to fix the error "Windows SDK version 8.1" was not found? Visual Studio Code pylint: Unable to import 'protorpc' Open the terminal in visual studio? Is Visual Studio Community a 30 day trial? How can I run NUnit tests in Visual Studio 2017? Visual Studio 2017: Display method references

Examples related to security

Monitoring the Full Disclosure mailinglist Two Page Login with Spring Security 3.2.x How to prevent a browser from storing passwords JWT authentication for ASP.NET Web API How to use a client certificate to authenticate and authorize in a Web API Disable-web-security in Chrome 48+ When you use 'badidea' or 'thisisunsafe' to bypass a Chrome certificate/HSTS error, does it only apply for the current site? How does Content Security Policy (CSP) work? How to prevent Screen Capture in Android Default SecurityProtocol in .NET 4.5

Examples related to app-data

What is the App_Data folder used for in Visual Studio?

Tags

Derived-class Clsql Imagettftext Mysql-real-escape-string String-evaluation Atomicreference Fuelphp Utility-method Appserver Labeled-statements Shdocvw Termios Web2py Itemcollection Git-clone Static-members Jqxhr Bindable-linq Stretched App2sd Stub-data-generation Dnsmasq Rpg Gsoap Gets Eclipse-europa Css-position Listviewitem Background-color Spl-autoload-register Dasblog Warnings Workload Language-detection Shlex Org.json Bind2nd Cls-compliant Coffeescript Postfix-operator Cgcolor Javadb Conferencing Gesturedetector Least-astonishment Image-load Activity-monitor Warbler Bignum User-data Visualsvn Performance-testing Stdint Error-recovery Branch Createuser Composite-application-gu Winrar Lme4 Castle Backgroundrb Itemcontainergenerator Candlestick-chart Asdoc Torque Opos Ibm-datapower Reformat Continued-fractions Esri-arc-engine Manifold Python-daemon Autocmd Hardware-programming Animal-sniffer Dbproj Multi-dimensional-scaling Xhtml-mp Virtual-inheritance Comobject Bytecode Waveoutwrite List-template Dashboard Getdate Gridview Marker-interfaces Reduce Code-discovery Negative-lookahead Imagebrush Cloudmade Ismouseover Modeless Programmable-completion Server-communication Renewcommand Servicepoint Object-state Drupal-views