locked
Multiple users creating their own file in a directory in an ASP.Net app RRS feed

  • Question

  • User1884398186 posted

    I have a scenario, where each user in an ASP.Net application has a user file created under a specific directory when user logs in as in code below.

    Then, on every request from that user this same file gets updated with some data. And when user logs out, the user file for that user is deleted.

    Each user has a unique file name, which means a file is only accessed by one user at a  time and never by multiple users.

    I am worried about issues if there are many users creating/writing to files to the same directory in above scenario.

    Question: When there are many users logged into the ASP.Net app like 1,000 or more, will the above file handling cause issues? I am guessing there is really no limit on how many files can be created/written to in Windows Server operating system but I may be wrong.

    User File Creation on Login

    File.WriteAllText(userFileStoragePath, userData);

    User File Update on every Request

    File.WriteAllText(userFileStoragePath, string.Join("|", data));

    User File Deletion on Logout

    File.Delete(userFileStoragePath);

     

    Wednesday, July 20, 2016 3:19 PM

Answers

  • User753101303 posted

    Hi,

    1000 is not a problem. Just make sure your app doesn't deal directly with this file location. Then you'll always be able to use a random folder name (0 to 255 or whatever) to spread those files in subfolders if really needed one day without having to change your main code.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, July 20, 2016 9:02 PM
  • User-359936451 posted

    Well, 1000 should not be an issues but 10000 trying to write to a server would be. You could still encrypt the cookies which is still the correct wayto handle this.

    http://stackoverflow.com/questions/4360839/encrypt-cookies-in-asp-net

    https://www.lynda.com/PHP-tutorials/Encrypting-cookies/133321/180309-4.html

    there a tons of other links on the web. Short of using cookies you should store data in a database on the server and delete it when done.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, July 22, 2016 12:49 PM

All replies

  • User-359936451 posted

    First, you obviously opened up write permissions to the hard drive in order to even create the file, so there is a security concern there if not properly managed. There are file limits in the OS and IIS, but if you haven't hit any of them yet you may already bummed those up. You should turn on logging as well so you can track any errors that may arise. I think one issue maybe the hardware platform, if I recall IIS is capped at 1000 concurrent connections (At least in older versions 6 and maybe 7) I think 8 and 8.5 its been increased.

    It doesn't sound like there is much activity being written to the files for each user. How long do the connections stay open/active, before a user leaves the site? If the file is being deleted, what is it being used for? Is it needed still? Maybe switch to a database to store the same info in a table, time stamp it and purge it after a time period.

    Personally I think you are ok with a 1000 users but moving over that you might want to consider something different for this logging. There is always a point in time when growth is necessary. Depending on your system and what it is doing this maybe one of them.

    Wednesday, July 20, 2016 3:35 PM
  • User1884398186 posted

    "How long do the connections stay open/active, before a user leaves the site?"

    The file connection is automatically closed and disposed when using static methods under System.IO.File, which is what I am using. So each line of code that I gave in my question will also automatically close and dispose the file connections immediately, which I think is an advantage of File static methods for reading/writing to files. You can check this at Microsoft's code center at: http://referencesource.microsoft.com/#mscorlib/system/io/file.cs,1c7421e464f67b7e. These static methods of File.IO use a StreamReader or StreamWriter behind the scenes within a using block, so even if exceptions occur the file connection is closed and disposed automatically.

    "If the file is being deleted, what is it being used for? Is it needed still?"

    The file is only needed while the user is logged and it's used to store some user related information for his/her current session. Once the user has logged out the file is useless, and that is why when user logs out this file is deleted.

    Wednesday, July 20, 2016 3:56 PM
  • User-359936451 posted

    "How long do the connections stay open/active, before a user leaves the site?"

    I was asking from the user experience perspective.  How long does the user need to have the file available. 

    "If the file is being deleted, what is it being used for? Is it needed still?" This is what cookies are for, why are you writing them to your server?

    If you use cookies on the client machine instead of your server, you will have no issues with 10000 users.

    Wednesday, July 20, 2016 8:31 PM
  • User1884398186 posted

    "How long do the connections stay open/active, before a user leaves the site?"

    The user file is only needed for the duration for user session. As soon as user logs out the file is deleted.

    I cannot use cookies since the data I am storing in user file is sensitive information, which is most secure on server-side.

    Wednesday, July 20, 2016 8:47 PM
  • User753101303 posted

    Hi,

    1000 is not a problem. Just make sure your app doesn't deal directly with this file location. Then you'll always be able to use a random folder name (0 to 255 or whatever) to spread those files in subfolders if really needed one day without having to change your main code.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, July 20, 2016 9:02 PM
  • User-359936451 posted

    Well, 1000 should not be an issues but 10000 trying to write to a server would be. You could still encrypt the cookies which is still the correct wayto handle this.

    http://stackoverflow.com/questions/4360839/encrypt-cookies-in-asp-net

    https://www.lynda.com/PHP-tutorials/Encrypting-cookies/133321/180309-4.html

    there a tons of other links on the web. Short of using cookies you should store data in a database on the server and delete it when done.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, July 22, 2016 12:49 PM
  • User-359936451 posted

    Why no credit for the help? The answer you marked does not resolve your issue. It suggests a random folder count from 0 to 255, that does not meet your 1000 concurrent connection requirement. I don't understand why the acceptance on that answer.

    Monday, July 25, 2016 6:13 PM