Allow Requests to App_Data
Solution 1
Its not possible to access App_Data
folder directly as it is used as data-storage for web application, for security reasons of the stored data you can access database from it only using connectionstring.
web.config
<connectionStrings>
<add name="AddressBookConnectionString" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\myDB.mdf;Integrated Security=True;User Instance=True" providerName="System.Data.SqlClient"/>
</connectionStrings>
check this http://www.codeproject.com/Articles/31557/A-Beginner-s-Guide-to-ASP-NET-Application-Folders#h
UPDATE
Programatically we can access any file in web application and write it to response:
public class FileAccessHandler:IHttpHandler
{
public FileAccessHandler()
{
//
// TODO: Add constructor logic here
//
}
public bool IsReusable
{
get { return false; }
}
public void ProcessRequest(HttpContext context)
{
String FileName = Path.GetFileName(context.Request.PhysicalPath);
String AssetName = HttpContext.Current.Request.MapPath(Path.Combine(HttpContext.Current.Request.ApplicationPath, "App_Data/" + FileName));
if (File.Exists(AssetName))
{
context.Response.ContentType = "image/jpeg";
context.Response.BinaryWrite(File.ReadAllBytes(AssetName));
context.Response.End();
}
}
}
Download: App_Data access sample
Solution 2
This is not recommended as app data is meant for application files but this can be done by adding the following line to the config
<system.webServer>
<security>
<requestFiltering>
<hiddenSegments>
<remove segment="app_data" />
</hiddenSegments>
</requestFiltering>
</security>
</system.webServer>
![levi](https://i.stack.imgur.com/8eWOv.jpg?s=256&g=1)
levi
brain is not for storing information, it is for thinking. be aware of skeptical regression... you follow the standards and everything goes nice and smooth give me the gist
Updated on June 12, 2022Comments
-
levi about 2 years
I want to allow users to request files located in App_Data Folder. This is the error:
Error Summary
HTTP Error 404.8 - Not Found
The request filtering module is configured to deny a path in the URL that contains a hiddenSegment section.