public static string FormatFilePath(string dataRootPath, string sessionId, DateTime time)
{
var timeText = time.ToString("yyyy-MM-dd HH_mm_ss");
var filePath = Path.GetFullPath(string.Format("{0}\\{1}.{2}.txt", dataRootPath, timeText, sessionId));
if (!filePath.StartsWith(dataRootPath)) // block malicious session ids
throw new ArgumentException(filePath);
return filePath;
}