Best place to keep user uploaded aspx file in asp.net application

Question

In my asp.net application, user can send/upload aspx files & those files can be accessed by the users later(there need to implement code level security as it would be better to run the application with minimal permission). So now I need to store these files & where is the better place to store in it. Shall I create a folder giving low permission inside the current project? or shall I create separate virtual directory like "www.mydomain.com/files" & place in it. I want to prevent the restarting of application domain also.

What is the best option to handle this situation?

Answer 1

How much interaction do you need between your application & uploaded aspx files? If no interaction is needed or interaction can be handled via out of process store such as database then I will recommend you have have a separate application (and virtual directory) where these files would be placed. This application should be configured to use different app pool and you use user account with minimal security permissions to run this app pool. Note that being different application, your web application would be completely isolated from this app but it also means you cannot share ASP.NET session/app state but you need to resort to say database to share the data.