ktsangop ktsangop - 6 days ago 6
ASP.NET (C#) Question

Proper way of creating virtual directories on IIS using ASP.net

I am developing an ASP.NET Web Api, and i would like to add a directory (lets say "exports") to be created on the server in which the application will store generated reports/logs etc.

I was advised that the "exports" directory should be a virtual directory so that the server admin could easily change the physical path to the stored files. Now i am not really sure of what is the proper way to deal with this.

The way i had implemented it was to create a directory in my project, put a dummy file in it and so let it be created on the server during publishing.
But i don't know if that is the appropriate way to create application folders on a server, nor am i sure of the access restrictions that should be applied.

Additionally, this way creates a physical path relative to the application root, and the only way to make it virtual is to manually add a virtual directory with the same alias from the IIS server app pool manager.

So i would like to know of what is the proper way to create and manage a virtual directory on a server. Who is responsible for creating and managing the access permissions?

Should the application create it when it is deployed, or the admin be asked to create it manually using the server app pool admin panel?

EDIT :

Found a way to do it, just not sure if it's elegant or safe.
As i've already mentioned, i am creating an empty "exports" directory during publishing (MyWebApi/exports).
My app tries to access that directory using MapPath and Directory Classes :

if(Directory.Exists(System.Web.Hosting.HostingEnvironment.MapPath($"~/exports/")))
{
Console.WriteLine("Export directory exists on server!");
}


So if nothing went wrong during web deploy the "exports" directory exists under the application root directory, and i can save my files in there.

Now if the Server admin would like to change the physical path of the exports directory and place it let's say at another disk on the server, he can go to the IIS manager, right click the application->Add virtual directory->Enter "exports" as alias and whatever they need as physical path.
Please note that the alias must be exactly the same as the one created during publishing.

Now i have tested this, and provided that you grant the appropriate permissions to the new physical directory, it should work fine. But i have no idea if it's just a Monkey patch or a proper solution.

Answer

Your best bet is to have someone create the virtual directory manually. Otherwise, the code for your site will have to have permissions to modify IIS, as well as write-permissions at the root level of your application path. Giving an application either of these permissions poses security risks. The folder only has to be set up once. Keep things simple!

You could use the virtual directory approach - that's fine, and it keeps you from having to put a static path into your web.config. But if you can avoid it, don't hardcode the virtual path (~/somefolder)into your code - leave it in the config file so it can be modified after deployment.