i have an asp.net-mvc site where users can add content and links and the data gets saved in a database. They now want the ability to upload attachments to pages and i wanted to figure out a few things:

  1. I have upload code that will upload files (pdfs, images, etc) but i wanted to see where i should be storing them. should i store them outside the website directory structure ?

  2. Is there any file types that i should be concerned with storing. I would basically have a file picker on the front end.

Accepted Answer

I have upload code that will upload files (pdfs, images, etc) but i wanted to see where i should be storing them. should i store them outside the website directory structure ?

Not necessary. You could use the App_Data special folder and store the path to the file in the database along with an unique identifier so that you could retrieve it later. Files inside this folder are not served by the web server and are not directly accessible. Another approach is to store the files into the database. SQL Server 2008's new FILESTREAM type is very useful.

Is there any file types that i should be concerned with storing. I would basically have a file picker on the front end.

Not really. Executables could be dangerous as might contain viruses but as long as you are only storing them and never executing you should be safe.

Written by Darin Dimitrov
This page was build to provide you fast access to the question and the direct accepted answer.
The content is written by members of the stackoverflow.com community.
It is licensed under cc-wiki