Storing temporary user files in ASP.NET in medium trust

Question

I have a scenario where users of my ASP.NET web application submit testimonials consisting of text info and images. The submit process has the following steps:

• First the user inputs the content and chooses a path to an image
• When he clicks preview, the info is once again shown so that he can confirm
• Once confirmed the info is persisted in the database

The problem with this is that I don't want to store uploaded images in the DB before the user actually confirms. Instead I store them as temporary files and put them in DB only after final confirmation.

Since I also want my application to run in medium trust, I have write permissions only to the application directory and nowhere outside. I even want to limit write permissions for the ASPNET / NETWORK SERVICE user to the ~/App_Data folder. The problem with my scenario is that once a temporary file is created in this folder, the application pool is recycled and I don't want that on every testimonial submit.

How do you advise I keep these temp files instead? The pool is not restarted if I update a file - only on create or rename. But I don't think I can store whole images in a single file for all users. What do you think?

UPDATE: I should note that I'm using a third party control for upload. It gives me programmatic access to the binary stream of the file contents after upload, but I cannot keep this after a second postback (the first step and postback actually does the upload).

Answer 1

I would recommend IsolatedStorage. It's a kind of virtual folder.

Here is an excerpt from an example on CodeProject:

IsolatedStorageFileStream stream = 
  new IsolatedStorageFileStream(ISOLATED_FILE_NAME, 
  FileMode.Create, isoStore);

StreamWriter writer = new StreamWriter( stream );
writer.WriteLine( "This is my first line in the isolated storage file." );
writer.WriteLine( "This is second line." );
writer.Close();

UPDATE: To clean up your file just do this:

string fileName = "isolatestorage.txt";

IsolatedStorageFile storage = IsolatedStorageFile.GetStore(
    IsolatedStorageScope.User | IsolatedStorageScope.Assembly, null, null);

string[] files = storage.GetFileNames(fileName);
foreach(string file in files) {
    if(file == fileName) {
        storage.DeleteFile(file);
        break;
    }
}

Answer 2

The default web_mediumtrust.config file that Microsoft ships is notoriously impractical.

Here is a snippet from the default web_mediumtrust.config file. By default, you cannot use System.IO to discover or write to the temp folder.

                        <IPermission
                                class="FileIOPermission"
                                version="1"
                                Read="$AppDir$"
                                Write="$AppDir$"
                                Append="$AppDir$"
                                PathDiscovery="$AppDir$"
                        />

Although I haven't experirement with Isolated Storage as mentioned by @Seb, it seems to be permitted by the default config file.