I have to create an asp.net image gallery type of application that allows users to upload files and for anonymous users to view those files. The owner should be allowed to delete own files.
The site will be using forms based authentication (asp.net membership) and will be running IIS 6, 2003 Server and SQL Server 2005.
One option is to store the images in the SQL Server. That will give me easy access to determine if a user is allowed to delete / alter an image.
Can I also use the file system for storage? How do I control access rights to the files? If I place a web.config in the root of the directory how can I specify, that only users that belong to a specific membership role, can delete / alter files in that