Storing temporary user files in ASP.NET in medium trust

Asked 7/11, 2008 at 12:42 Answered 9/11, 2008 at 3:23

I have a scenario where users of my ASP.NET web application submit testimonials consisting of text info and images. The submit process has the following steps:

First the user inputs the content and chooses a path to an image
When he clicks preview, the info is once again shown so that he can confirm
Once confirmed the info is persisted in the database

The problem with this is that I don't want to store uploaded images in the DB before the user actually confirms. Instead I store them as temporary files and put them in DB only after final confirmation.

Since I also want my application to run in medium trust, I have write permissions only to the application directory and nowhere outside. I even want to limit write permissions for the ASPNET / NETWORK SERVICE user to the ~/App_Data folder. The problem with my scenario is that once a temporary file is created in this folder, the application pool is recycled and I don't want that on every testimonial submit.

How do you advise I keep these temp files instead? The pool is not restarted if I update a file - only on create or rename. But I don't think I can store whole images in a single file for all users. What do you think?

UPDATE: I should note that I'm using a third party control for upload. It gives me programmatic access to the binary stream of the file contents after upload, but I cannot keep this after a second postback (the first step and postback actually does the upload).

Norseman answered 7/11, 2008 at 12:42 Comment(1)

The app pool should NOT recycle in that scenario. Perhaps a wrong entry in the web.config? – Ibex 7/11, 2008 at 12:44

I would recommend IsolatedStorage. It's a kind of virtual folder.

Here is an excerpt from an example on CodeProject:

IsolatedStorageFileStream stream = 
  new IsolatedStorageFileStream(ISOLATED_FILE_NAME, 
  FileMode.Create, isoStore);

StreamWriter writer = new StreamWriter( stream );
writer.WriteLine( "This is my first line in the isolated storage file." );
writer.WriteLine( "This is second line." );
writer.Close();

UPDATE: To clean up your file just do this:

string fileName = "isolatestorage.txt";

IsolatedStorageFile storage = IsolatedStorageFile.GetStore(
    IsolatedStorageScope.User | IsolatedStorageScope.Assembly, null, null);

string[] files = storage.GetFileNames(fileName);
foreach(string file in files) {
    if(file == fileName) {
        storage.DeleteFile(file);
        break;
    }
}

Pease answered 7/11, 2008 at 13:1 Comment(5)

Yes, I was thinking of this. The question is, how do I empty it? It's not a temp folder after all - rather it's used for long-term persistence. – Norseman 7/11, 2008 at 13:4

You could run a cron job to check and empty it. – Skyeskyhigh 7/11, 2008 at 14:11

@Seb - I know how to do it in code - I just need this done periodically and automatically. @Chakrit - kind of an overkill. I can't believe no one else had such an issue. – Norseman 7/11, 2008 at 16:1

IsolatedStorage probably isn't bad, but is also not really necessary. It uses the Windows username for isolation, which isn't that applicable here, right? – Mature 31/7, 2012 at 13:52

@ScottStafford I'm not sure. Thought it used the Windows-account that is running the app, so it shouldn't be a problem. – Pease 31/7, 2012 at 17:19

You can still use the normal Path.GetTempFilename() method to get a temporary file in ASP.NET scenarios.

It should give you a temp file path that is writable by NETWORK_SERVICE but also lives in one of the actual Windows' temp folders, not your application folder.

If your host configured his server correctly, that should works fine.

Skyeskyhigh answered 7/11, 2008 at 12:49 Comment(0)

The default web_mediumtrust.config file that Microsoft ships is notoriously impractical.

Here is a snippet from the default web_mediumtrust.config file. By default, you cannot use System.IO to discover or write to the temp folder.

                        <IPermission
                                class="FileIOPermission"
                                version="1"
                                Read="$AppDir$"
                                Write="$AppDir$"
                                Append="$AppDir$"
                                PathDiscovery="$AppDir$"
                        />

Although I haven't experirement with Isolated Storage as mentioned by @Seb, it seems to be permitted by the default config file.

Abbate answered 9/11, 2008 at 3:23 Comment(0)

This is a reply to Leppie who commented on my question (to avoid the char limit)

From: http://blogs.msdn.com/johan/archive/2007/05/16/common-reasons-why-your-application-pool-may-unexpectedly-recycle.aspx

...sometimes your application pool inexplicably recycles for no obvious reason. This is usually a configuration issue or due to the fact that you're performing file system operations in the application directory.

Are you sure it's not supposed to recycle?

Norseman answered 7/11, 2008 at 13:3 Comment(1)

Normally, only changes in the bin and App_Code directories will cause an app-pool recycle. – Ibex 7/11, 2008 at 13:9

Recommended topics

Hot tags