Design question!, uploading documents to webserver


Jeff

Hi

asp.net 2.0

I'm developing a webportal, where admins will upload documents related to
users of the website.
Each document will be unique for each user. A user can have from 0 to many
documents.
A user only has access to his documents.

Documents will be in .pdf format.

Documents will not be stored in database (SQL Server 2005) but instead uploaded
to a folder on the webserver. So I'm thinking should I create a folder for
each user on the webserver (make some logic that create folder, permission
problem at creating folder?) or modify document name to also hold the id of
the user, which I guess is a potential pitfall....

any suggestions? maybe there are better ways of doing this? Upload to the
database instead (possible with pdf)? I guess changing the logic to save
file in the db is better, though not sure how to view a .pdf file stored in
the database (I know how to view images stored in database, so I guess the
procedure is the same for pdf also)

any suggestions?
 
Storing pdf's in the db doesn't seem to resolve the security issue, since it
leaves all access through your web application, and the web application has
to handle the security. If the app is doing that anyway, you could store the
docs in a folder that no user has access to, and let the app provide the
docs on request. Then the app can do the same security controls it would
have done with the docs in the db.
 
The way I do it.
1. Create tblUpload table with columns like (UploadId (identity), FileName,
UserId, DateUploaded, Tags.....)
2. When a file is uploaded, a record is created in tblUpload with proper values
and the file is saved into folder /Upload/{UploadId}.pdf
3. Whenever a user looks at his files he gets a link to it /myfile.ashx?id=3
for example. The myfile.ashx checks the user's permissions and sends back the file
using Response.WriteFile, setting 'Content-Disposition' in a header to set
the name of the downloaded file appropriately.
See http://support.microsoft.com/kb/260519

A. Users will not even know about the /Upload/ folder's existence.
B. A little more work since creating the table is involved, but you win in the
long run since now you can attach some metadata to the file. Like a small
description...
C. You might want to create subfolders in the Upload folder. All depends on your
design and number of files. It can be by UserId.
It can be by MonthYear like /Upload/200811/{UploadId}.pdf. Depends on what
is being uploaded. MonthYear is perfect for sales data and makes it easy to
back up and remove the whole year. The UserId approach is perfect when you have a
lot of files per user.


George.
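
One way to write the permission check in the myfile.ashx handler from step 3 above, as an added example that is not code from this thread. It assumes a connection string named Portal, that tblUpload.UserId holds the login name, and that the files are kept under ~/App_Data/Upload, a folder ASP.NET does not serve directly.

```csharp
<%@ WebHandler Language="C#" Class="MyFile" %>
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.IO;
using System.Web;

public class MyFile : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // Anonymous callers never reach the database or the file system.
        if (!context.User.Identity.IsAuthenticated) { context.Response.StatusCode = 401; return; }

        // The id must be an integer; anything else is treated as "no such file".
        int uploadId;
        if (!int.TryParse(context.Request.QueryString["id"], out uploadId))
        {
            context.Response.StatusCode = 404;
            return;
        }

        // Ownership is part of the WHERE clause, so another user's id returns no row.
        string fileName;
        string cs = ConfigurationManager.ConnectionStrings["Portal"].ConnectionString; // assumed name
        using (SqlConnection conn = new SqlConnection(cs))
        using (SqlCommand cmd = new SqlCommand(
            "SELECT FileName FROM tblUpload WHERE UploadId = @id AND UserId = @user", conn))
        {
            cmd.Parameters.AddWithValue("@id", uploadId);
            cmd.Parameters.AddWithValue("@user", context.User.Identity.Name); // assumed: UserId = login name
            conn.Open();
            fileName = cmd.ExecuteScalar() as string;
        }

        // Same answer for "does not exist" and "not yours", so ids cannot be probed.
        if (fileName == null) { context.Response.StatusCode = 404; return; }

        // The path is built from the integer id only; the stored name never touches the disk path.
        string path = context.Server.MapPath("~/App_Data/Upload/" + uploadId + ".pdf");
        if (!File.Exists(path)) { context.Response.StatusCode = 404; return; }

        // Strip quotes and line breaks so the stored name cannot break out of the header value.
        string safeName = fileName.Replace("\"", "").Replace("\r", "").Replace("\n", "");
        context.Response.ContentType = "application/pdf";
        context.Response.AddHeader("Content-Disposition", "attachment; filename=\"" + safeName + "\"");
        context.Response.TransmitFile(path);
    }
}
```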
 