Explain how static files are served in ASP.NET Core

Static files refer to content such as HTML, CSS, JavaScript, and images that are served directly to the users without any dynamic computation.

In ASP.NET Core, the web root directory holds the static files. By default, it is the {content root}/wwwroot directory, but you can change it using the UseWebRoot() method.

In the Program class, the CreateDefaultBuilder() method initializes the content root.

public class Program{
   public static void Main(string[] args){

   public static IHostBuilder CreateHostBuilder(string[] args) =>
         .ConfigureWebHostDefaults(webBuilder =>{

You can have different directories for each type of file that your application serves. For example, a directory named css holds the stylesheets, another one named js serves the JavaScript that your application uses, etc.

The directories within the wwwroot directory are directly accessed via a path relative to the host. For example, if you store your images in wwwroot/pictures directory, the users can access the images from the following URL: https://<host_name>/images/<image_name>

UseStaticFiles() method in the Startup.Configure() method enables static file serving for the current request path.

public void Configure(IApplicationBuilder app, IWebHostEnvironment env){
   if (env.IsDevelopment()){




   app.UseEndpoints(endpoints =>{
      name: "default",
      pattern: "{controller=Home}/{action=Index}/{id?}");

When you call the Static File Middleware before the authorization middleware, the framework doesn’t perform any authorization checks on the static files getting served. Hence, the files under wwwroot directory are publicly accessible. If you want to authorize the requests before serving the static files, you need to store them outside the wwwroot directory and call the Static File Middleware after the call to UseAuthorization().

Updated on: 22-Jun-2021


Kickstart Your Career

Get certified by completing the course

Get Started