ASP.NET: Location for storing files that should be shared between several web-applications

Question

I have two web-applications. One is an outwards-facing application that will be accessible from the internet. The other is an application to manage the first, that will only be accessible from the intranet.

They keep their data in files on the filesystem (I think a database would be overkill for these applications).

The management-application should be able to write some files that the outwards-facing application can read (data-files that are used to supply responses to requests from the internet) and the outwards-facing application should be able to write a file that the management can read (log-file).

My question is: what is the best place to store these files?

• Application Data/[Company Name]/[Product Name]?
• An APP_DATA under one of the web-applications?
• Somewhere else?

Some factors to consider are: What extra permissions do the solution need? Can the web-applications discover the location without needing to know where the other application has been installed?

Thanks in advance for any suggestions!

Answer 1

I know you said a database would be overkill, but a two-sided app with one side potentially giving access to internal systems, would be much more secure (though not entirely secure) if resources were stored in a DB. It just gives an extra layer. I think Internet users should be given the bare minimum of permission on the host file-system (via a web layer such as NETWORK SERVICE or not).

Otherwise, why not a "sandbox" path, on a physically separate device (that may be disconnected if needed, eg. suspicious activity) such as a USB hard disk?