Access to Files Outside the Webroot

Description

By default, a web page will not display files located outside of the webroot folder structure. The advantage of this restriction is that it prevents unauthorized users from changing or damaging your data. But when you want to selectively use data outside of the webroot, there are two techniques for overcoming this limitation.

1. Copy the files into the user's session folder under the webroot on a file-by-file basis using the Context.Session.SaveFileToSessionFile() or Context.Session.SaveDataAsFile() methods. The Application Server will automatically delete these temporary files when the session expires.

2. Create an A5W page that opens the file and sends it to the browser. Because the A5W page runs locally on the server, it has access to the whole file system. If you use this technique, make sure you provide some type of protection so that the user cannot specify any arbitrary file on your server.

See Also

• Storing Files in Sessions