Files / Umbraco forms files upload security options

[MvG013]

This is my first ever post here so i hope it's readable :)

We are working with sensitive data on a project and there isn't a good way to secure this data. (Atleast that i know of) I have been searching for quite some time now and the only solution i can find is denying any acces to all users with IIS / web.config rules. The problem with this is that it's for all users also the administators and editors. Normally it's possible to allow acces on a folder to specific IIS roles, users or groups but it's not working with the Umbraco backoffice users or roles. So i would love to hear if there is an other solution than the web.config rules or what the exact roles, groups or users are from the Umbraco backoffice that can be added to the web.config rules.

The rule that i'm using on a specific folder (denying all users):

The rule that is normally works to deny all users except of the admins on a specific folder:

The best solution for umbraco forms uploads would be that it's possible to choice allowed backoffice users on the forms itself. This way the backoffice users can manage the accesability and not only developers who have acces to the web.config.

Security on specific folders can be done in many ways i think but i don't know the easiest/best way to do this yet. On the project i need a custom file upload with sensitive data so i'm a bit afraid that it will be accesable from the web. If any one has any tips about this that would be great!

[nul800sebastiaan]

Thanks @MvG013, please follow along on the Umbraco Forms issue tracker and leave any additional comments you may have there: umbraco/Umbraco.Forms.Issues#11