I want to ask what the difference is between the app_data
folder in a web application and in a web site .
I want to make sure that this folder is secure in web application because I put specific file in this folder which specific users only can download it.
Do not give the Directory Browsing
Provision in IIS
.
There is basically a way in which the Anonymous/Unauthorized
user can Access/download your Authorized File
. Example - You know the Query String
Values and other user can type and download it. So, there are two ways by which you can prevent unauthorized User to download file.
(a) Keep the Web.Config
in this folder and define the Roles/Users
whoever can access it.
(b) In the Page Load
, you can check the page being opened is being done by the Authorized user
only.
App_Data
Folder is same for both types Web Application
as well as Web Site
.
The App_Data folder is used by ASP.NET to store an application's local database, such as the database for maintaining membership and role information. There is be no difference between the app_data folder using a Web App or a Web Site.
Sources:
As Darren answered, there is no difference.
But to your other point of using it as a secure storage location, it is protected by ASP.NET, much like the bin folder, and users cannot browse to it.