Modern applications often deal with sensitive files such as invoices, medical reports, contracts, and identification documents. Improper storage and access control can lead to data breaches, regulatory violations (GDPR, HIPAA, PCI-DSS), and loss of trust.
Here are industry best practices for storing and managing sensitive files securely.
1. Store Outside Public Web Root
Don’t place sensitive files inside wwwroot or any folder served directly by static file middleware.
Keep them in a directory outside the web root, accessible only by the application code.
Serve them through controller actions with authentication and authorization.
2. Enforce Strong Authentication & Authorization
Use ASP.NET Core Identity, JWT tokens, or OAuth2/OpenID Connect for user authentication.
Apply role-based or policy-based authorization (e.g., only doctors can view patient reports).
For user-specific files, validate ownership before serving.
if (file.OwnerId != currentUser.Id)
{
return Forbid();
}
3. Prevent Path Traversal Attacks
Attackers may try to manipulate file paths using ../ to escape directories.
var safeFileName = Path.GetFileName(fileName);
var filePath = Path.Combine(secureFolder, safeFileName);
if (!filePath.StartsWith(secureFolder))
return Forbid();
4. Encrypt Files at Rest
Store files encrypted on disk using AES-256 or other strong algorithms.
Use .NET’s System.Security.Cryptography APIs or integrate with enterprise solutions like Azure Key Vault or AWS KMS for key management.
Rotate encryption keys periodically.
5. Encrypt Files in Transit
6. Use Access Control Lists (ACLs) & File Permissions
7. Consider File Metadata & Logging
Avoid storing sensitive data in file names or metadata (e.g., patient IDs in filenames).
Implement logging & auditing for every file access attempt (who accessed, when, what file).
Monitor unusual download patterns to detect insider threats or breaches.
8. Stream Large Files Instead of Loading into Memory
Loading large files into memory can cause performance issues or even denial-of-service. Instead, stream them directly:
[HttpGet("download/{fileName}")]
public IActionResult DownloadFile(string fileName)
{
var path = Path.Combine(_storagePath, Path.GetFileName(fileName));
var stream = new FileStream(path, FileMode.Open, FileAccess.Read);
return File(stream, "application/octet-stream", fileName, enableRangeProcessing: true);
}
9. Implement File Expiry & Retention Policies
Set retention periods for files (e.g., auto-delete after 90 days).
Use time-limited access links (signed URLs) when sharing files externally.
Regularly clean up unused/expired files to reduce attack surface.
10. Consider Cloud Storage Solutions
Instead of managing sensitive files on your own server:
Use Azure Blob Storage, Amazon S3, or Google Cloud Storage.
Apply private containers/buckets and serve files only via signed URLs.
Integrate with Key Vaults / KMS for encryption and key rotation.
11. Protect Against Malware
Scan uploaded files with an antivirus engine (e.g., ClamAV, Windows Defender, or cloud-based malware scanning APIs).
Restrict allowed file types & MIME types to reduce risks.
12. Secure Backups
Quick Checklist
Files outside wwwroot
Strong authentication & authorization
Path sanitization
Encryption (at rest & in transit)
Least-privilege file system permissions
Logging & monitoring
File streaming for performance
Retention & expiry policies
Malware scanning
Encrypted & secure backups
Conclusion
Managing sensitive files requires a multi-layered security approach: storage isolation, encryption, access control, monitoring, and compliance with security standards. By following these best practices, you significantly reduce the risk of unauthorized access or data breaches.