How do I reference a file outside my web site's root directory?
For example my website is located at C:\dev\TestSite I am using ASP.NET with XSP. The webapp will be deployed on Apache using mod_mono. I have images in C:\images and I would like to do this:
<img src="C:\images\logo.gif"/>
While it might be possible to do this through some hacky method, it's not a good idea. Allowing the IIS account to access files/folders on the greater file system would be a big potential security hole.
The best way to accomplish this is to use IIS Virtual Directories. Put your content in folders dedicated to supporting the site, DO NOT make your entire C: drive a virtual directory.
You can't do this from within the HTML code of your page. The HTML page can only reference web accessible content (in regards to images, CSS, javascript, etc). You could create a virtual directory that points to your images folder so that it becomes web accessible.
EDIT:
The apache way inside of your conf file.
Alias /images "C:/Images"
And a little walkthrough from some dude.
Your img tag's src value is going to be sent to the client. You need to specify those paths relative to your document root. Your best bet is to set up a virtual folder (in IIS, alias is the apache equivalent) to point to the c:\images path and then change the mentioned tag src path as follows
<img src="/images/logo.gif" />
To do this in apache, you need an alias in your httpd.conf. The line looks like this
Alias /images c:/images
Here's the docs http://httpd.apache.org/docs/2.0/mod/mod_alias.html#alias
I'm going to assume that C:\images\logo.gif is the path on the server, and not the path on the client.
The src attribute is interpreted by the html client (i.e. Internet Explorer). The client can't see anything outside of your web directory. In fact, the client can only see things inside your web directory if you've provided permission for them to do so. Thus, this isn't an ASP.NET issue, but an issue of how web clients have access to web servers... which is designed this way for security.
In order for your application to use these images, you've got a couple of options that immediately spring to mind - neither of which is ideal:
The ASP.NET code (in the codebehind) is going to need to go and grab the file, and serve it out in the html stream that is being served to the client, which is more a complex task than I suspect you are willing to embark on.
The ASP.NET code (using System.IO) is going to need to go and grab the file from it's home location in C:\images\logo.gif and copy it to a location that is accessible to the client - you could create a temporary directory, copy your image to it, serve it out, delete it, delete the directory.
Both of these are certainly hacks that should be avoided if possible, but if you're adamant that this is what you want to do, this will allow you to do it via your ASP.NET app.
The most ideal solution is to add C:\Images as a virtual directory to your document root, i.e. /ImageCentral - this way you can have images that are central to multiple websites stored in this directory, it can then be referenced by clients for any of the websites just by adding virtual directories to each of them pointing at the central images folder. As DaveSwersky points out, don't make any directories containing sensitive information virtual directories, the minute you add a virtual directory to an externally visible website, you're giving people free reign to any of the information in it.
Good luck