I'm using a CMS (N2) to manage a new website. The CMS includes functionality for uploading files using the filesystem (not binary in DB, which is also possible, but I want to use filesystem). Some of the subfolders in the uploads directory need to be secured. This can be done using authorization elements in (a sub) web.config as stated here.

Users and roles are managed through the admin interface and are managed by my CMS administrator. Some roles are added dynamically based on certain functionality in the website. Therefore I would like to keep my ~/upload/xxx subfolder security dynamic as well. What is a good solution for dynamically managing authorization based on web.config?

One way to accomplish this would be to specify a <location path="MyFolder">...</location> in order to open up a specific folder to anyone.

It is a best practice to put these at the bottom of your web.config file and should give you the flexibility you are looking for.

Here's the MSDN page for the location Element: http://msdn.microsoft.com/en-us/library/b6x6shw7.aspx

Good luck!

Matti

Not to do it. Point.

Make your own data file, and plug in a provider to read this, if you dont have a database, use a database otherwise. YOu don want web.config changes to interfere with development / upload changes. VERY nice anti-pattern.