What is the App_Data folder used for in Visual Studio?

163
votes

When creating a new ASP.NET application in Visual Studio, a couple of files and folders are created automatically. One of those folders is called App_Data.

Also when publishing a website by selecting the menu option Build->Publish a checkbox is available Include files from the App_Data folder.

Am I right assuming that the files put in this file and its sub-folders are not going to be accessible through the web? For example, would it be safe to put in that folder resources that I only intend to be used by the application code?

What is the real intended use of the App_Data folder?

EDIT:

Thank you for all the answers. From the answers received so far I am interested mostly in two points mentioned:

  1. App_Data is essentially a storage point for file-based data store
  2. It should not be viewable by the web and is a place for the web app to store and read data from

Would someone be able specify how the "not viewable by the web" is ensured? Can I rely on that fact when performing standard deployment, or do I need to check some IIS settings on the server as well.

In the situation when I have a set of pdf files that I want to be accessible only from the application. Would App_Data folder be the right place to use, or should I create a separate folder and manually set IIS to ensure that it is not accessible by Web?

9
asp.net.netvisual-studiosecurityapp-data

9 Answers

124
votes

App_Data is essentially a storage point for file-based data stores (as opposed to a SQL server database store for example). Some simple sites make use of it for content stored as XML for example, typically where hosting charges for a DB are expensive.

45
votes

in IIS, highlight the machine, double-click "Request Filtering", open the "Hidden Segments" tab. "App_Data" is listed there as a restricted folder. Yes i know this thread is really old, but this is still applicable.

26
votes

The intended use of App_data is to store application data for the web process to acess. It should not be viewable by the web and is a place for the web app to store and read data from.

16
votes

It's a place to put an embedded database, such as Sql Server Express, Access, or SQLite.

13
votes

The App_Data folder is a folder, which your asp.net worker process has files sytem rights too, but isn't published through the web server.

For example we use it to update a local CSV of a contact us form. If the preferred method of emails fails or any querying of the data source is required, the App_Data files are there.

It's not ideal, but it it's a good fall-back.

10
votes

From the documentation about ASP.NET Web Project Folder Structure in MSDN:

You can keep your Web project's files in any folder structure that is convenient for your application. To make it easier to work with your application, ASP.NET reserves certain file and folder names that you can use for specific types of content.

App_Data contains application data files including .mdf database files, XML files, and other data store files. The App_Data folder is used by ASP.NET to store an application's local database, such as the database for maintaining membership and role information. For more information, see Introduction to Membership and Understanding Role Management.

7
votes

The main intention is for keeping your application's database file(s) in.

And no this will not be accessable from the web by default.

7
votes

We use it as a temporary storage area for uploaded csv files. Once uploaded, an ajax method processes and deletes the file.

6
votes

The intended use for App_Data is to store database related file. Usually SQL Server Express .mdf files.