Allow write access to a folder for only specific web users

I have a website that is written in C# that uses Forms Authentication to allow users to access additional content on the site. Some of those users have an aspnet role I created called Admin. These users only can add content to the site including uploading images.

What is the proper way to give these 开发者_JAVA百科specific users write access to the images folder and only give other users read access?

I looked at using pass-through authentication on my IIS7 server but I can't add all of the users to folder permissions because new users are being added all the time. I also thought about using a virtual directory but I wasn't sure how to make that work.

I don't know if this is best practice, but you can setup impersonation in your web.config file for a specific directory:

<location path="UploadPath">
  <system.web>
   <identity impersonate="true" userName="impersonatedUser" password="******"/>
   <authorization>
    <deny users="?"/>
    <allow roles="Admin"/>
   </authorization>
  </system.web>
 </location>

Some more information on impersonation: http://msdn.microsoft.com/en-us/library/aa292118(v=vs.71).aspx

You should have a virtual directory where all the files uploaded will go, preferably separated by User1, User2 folders. That virtual directory will be configured under a user that has permissions to write to the folders underneath. I don't think there is anyway you can control the read/write access to that using forms authentication. You will have to restrict the access to the upload page/functionality on the web application using forms authentication roles.