我应该在Visual Studio的wwwroot下创建用于上传文件的文件夹吗? [英] Should I create my folder for file uploads under wwwroot inside visual studio?
问题描述
If I were to follow this example file uploads would be stored in the wwwroot file. It is my understanding this file is where you should store static files that will be served to the user. Sure, I want my users to be able to download but is there a filesystem, specific to asp.net core/IIS/Windows Server 2012, that would be best? I'm expecting around 10,000 files max after several years.
我正计划为上传的文档创建一个文件夹,只是不确定将其放置在何处.
I'm planning on creating a folder for the uploaded documents, I'm just unsure of where to place it.
Note: The answer provided here was not sufficient
推荐答案
据我所知,除非采取特殊预防措施,否则用户,机器人等无需验证即可自由下载wwwroot下的文件.如果文件本质上不敏感,则使用wwwroot不会有任何问题.
To the best of my understanding, unless you take special precautions, files under wwwroot can be downloaded freely by users, bots, etc. with no authentication. If the files are not sensitive in nature, then there is nothing wrong with using wwwroot.
如果要在控制器级别提供安全性(例如,用户只能查看自己的文件),则最好将它们放在文件系统中的其他位置.路径是任意路径,但是文件夹的安全设置必须以dotnet进程可以访问它的方式进行设置.您可以授予所有人完全访问权限,或者如果合适的话,可以进行更严格的限制.假设您有权访问服务器,则直接在服务器的操作系统上完成此操作.
If you want to provide security at the controller level (e.g., a user can only view their own files), then it's probably better to put them elsewhere in the file system. The path is kind of arbitrary, but the security settings on the folder must be set in such a way that the dotnet process can access it. You can give Everyone full access, or be more restrictive if you see fit. This is done directly on the OS of the server, assuming that you have access to it.
这篇关于我应该在Visual Studio的wwwroot下创建用于上传文件的文件夹吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
