ASP.Net Core Secure Storage of Application Data

Macka 1 Reputation point


I'm new to ASP.Net Core and C# in general, so maybe I'm not using the right keywords in my searches...

I'm trying to develop a multi-tenanted app (developing under Win 10, most likely production server will be Ubuntu with Nginx reverse proxy). At this stage, I am leaning towards using a SQLite database per tenant to store both the tenant's data and user login credentials.

This is where I run into my first problem: what is the correct storage location for sensitive application data (in this case the SQLite files)?

The closest thing to an answer I've found was here, but there seems to be a bit of contention as to whether wwwroot is really an appropriate storage location - is this actually an issue? (i.e. can a malicious actor download the files form here like any other static file).

A set of technologies in the .NET Framework for building web applications and XML web services.
4,239 questions
SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
12,895 questions
{count} votes