Hi. I created a web application using "Forms Authentication".
There is a folder name "uploads", and it creates subfolders as username when they register. Web application stores users' files and images under their folder ("uploads/username")
I tried to find a way to restrict users to download and upload files to their folder only and couldn't find a good one.
Then I came up with this idea that stores "web.config" file each time user registers and the web.config should look like below. Username will be changed dynamically according to username.
This method actually works but I am little worried if this is a good practice as far as performance wise. Because it'll create web.config files as many as users and there might be other holes that I don't recognize.
I appreciate any advice or better suggestion for this problem.
--------web.config in "/Root/uploads/username directory"--------------
View Complete Post