Web.config for authorization of a private user folder

Question

I have a private folder with thousand of users' folders which only be accessible by the correct user. No user can access other users' folders. I can only think of creating a web.config authorization rules for each of the users' subfolder. In this case, I don't have to add every rules for each user in one web.config files.

I am wondering is there any other ways of dealing with this problem by just using one web.config instead of creating a unique web.config file for each of the users.

Answer 1

The other way is that you can create your own Authorization handler that validates the user is in their own directory. A starting point for this would be the Request_Authorization event handler in the Global.asax.

The benifit of doing it this way is that you can manage all the permissions from a single source, such as a database.