I have a website that is written in C# that uses Forms Authentication to allow users to access additional content on the site. Some of those users have an aspnet role I created called Admin. These users only can add content to the site including uploading images.
What is the proper way to give these 开发者_JAVA百科specific users write access to the images folder and only give other users read access?
I looked at using pass-through authentication on my IIS7 server but I can't add all of the users to folder permissions because new users are being added all the time. I also thought about using a virtual directory but I wasn't sure how to make that work.
I don't know if this is best practice, but you can setup impersonation in your web.config file for a specific directory:
<location path="UploadPath">
<system.web>
<identity impersonate="true" userName="impersonatedUser" password="******"/>
<authorization>
<deny users="?"/>
<allow roles="Admin"/>
</authorization>
</system.web>
</location>
Some more information on impersonation: http://msdn.microsoft.com/en-us/library/aa292118(v=vs.71).aspx
You should have a virtual directory where all the files uploaded will go, preferably separated by User1, User2 folders. That virtual directory will be configured under a user that has permissions to write to the folders underneath. I don't think there is anyway you can control the read/write access to that using forms authentication. You will have to restrict the access to the upload page/functionality on the web application using forms authentication roles.
精彩评论