views:

3907

answers:

7

When creating a new ASP.NET application in Visual Studio, a couple of files and folders are created automatically. One of those folders is called App_Data.

Also when publishing a website by selecting the menu option Build->Publish a checkbox is available Include files from the App_Data folder.

Am I right assuming that the files put in this file and its sub-folders are not going to be accessible through the web? For example, would it be safe to put in that folder resources that I only intend to be used by the application code?

What is the real intended use of the App_Data folder?

EDIT:

Thank you for all the answers. From the answers received so far I am interested mostly in two points mentioned:

  1. App_Data is essentially a storage point for file-based data store
  2. It should not be viewable by the web and is a place for the web app to store and read data from

Would someone be able specify how the "not viewable by the web" is ensured? Can I rely on that fact when performing standard deployment, or do I need to check some IIS settings on the server as well.

In the situation when I have a set of pdf files that I want to be accessible only from the application. Would App_Data folder be the right place to use, or should I create a separate folder and manually set IIS to ensure that it is not accessible by Web?

+4  A: 

It's a place to put an embedded database, such as Sql Server Express, Access, or SQLite.

Shawn Simon
Or any other data the site might use like, for example, XML files (like a list of states/countries/etc)
John Sheehan
Is is a the database only then? Can I put say some e.g. pdf files in it which I want to access thought the code only, e.g using Response.TransmitFile method?
padn
anything - the concept of data doesn't specify a filetype or format
annakata
+3  A: 

The intended use of App_data is to store application data for the web process to acess. It should not be viewable by the web and is a place for the web app to store and read data from.

JaredPar
Not just "should not", anything in that folder is blocked from being served by ASP.NET
John Sheehan
@John, I was under the impression there were ways to "change" that behavior. Yes, definately evil to do so but I don't know how common or not that is
JaredPar
How is that "not viewable" achived? Would the App_data folder have a specific settings in IIS?
padn
@padn, I'm not 100% sure about the stack but it is either special cased in IIS or the Asp.Net stack. http://msdn.microsoft.com/en-us/library/ex526337.aspx
JaredPar
iirc this behaviour can be modified from *.config httphandlers
annakata
+2  A: 

The main intention is for keeping your application's database file(s) in.

And no this will not be accessable from the web by default.

Martin Brown
+13  A: 

App_Data is essentially a storage point for file-based data stores (as opposed to a SQL server database store for example). Some simple sites make use of it for content stored as XML for example, typically where hosting charges for a DB are expensive.

annakata
Thanks annakata for this answer. I think the important point to add is that the content of App_Data is by default not viewable by the web as mentioned by JaredPar. and also as you commented "this behaviour can be modified from *.config httphandlers"
padn
+1  A: 

The intended use for App_Data is to store database related file. Usually SQL Server Express .mdf files.

WebMatrix
+1  A: 

The App_Data folder is a folder, which your asp.net worker process has files sytem rights too, but isn't published through the web server.

For example we use it to update a local CSV of a contact us form. If the preferred method of emails fails or any querying of the data source is required, the App_Data files are there.

It's not ideal, but it it's a good fall-back.

Ed Blackburn
+2  A: 

We use it as a temporary storage area for uploaded csv files. Once uploaded, an ajax method processes and deletes the file.

gumps