This How To provides a code example which implements a scenario where anonymous visitors can create page folders and files in the EPiServer File Management System.

Get the page folder ID:

int folderId = (int)CurrentPage.Property["PageFolderID"].Value;

Get the root directory for page folders:

string pageDirectoryRootVirtualPath = VirtualPathHandler.PageDirectoryRootVirtualPath;

VersioningDirectory pageRootDirectory = (VersioningDirectory)HostingEnvironment.VirtualPathProvider.

Combine the root path with folder name and get directory:

string virtualPathFromFolderId = VirtualPathUtility.Combine(
    pageDirectoryRootVirtualPath, VirtualPathUtility.AppendTrailingSlash(folderId.ToString()));

UnifiedDirectory pageDirectory = HostingEnvironment.VirtualPathProvider.
    GetDirectory(virtualPathFromFolderId) as UnifiedDirectory;

Bypass security and create the page folder if needed:

if (pageDirectory == null)
{
    // Skip the access check on the root so an anonymous visitor can create the folder
    pageRootDirectory.BypassAccessCheck = true;
    pageDirectory = pageRootDirectory.CreateSubdirectory(folderId.ToString(), CurrentPage);
}

Creating a Folder Inside a Page Folder

The same strategy can be applied to create a folder inside a page folder. Get or create an upload folder in a page folder:

string uploadPath = VirtualPathUtility.AppendTrailingSlash(Path.Combine(pageDirectory.VirtualPath, "upload"));

UnifiedDirectory uploadDirectory = (UnifiedDirectory)HostingEnvironment.VirtualPathProvider.GetDirectory(uploadPath);

if (uploadDirectory == null)
{
    pageDirectory.BypassAccessCheck = true;
    // Use the same name as in uploadPath so the next lookup finds this folder
    uploadDirectory = pageDirectory.CreateSubdirectory("upload");
}

Finally, turn on BypassAccessCheck to allow everyone to upload:

uploadDirectory.BypassAccessCheck = true;

return uploadDirectory;

You can set the BypassAccessCheck property on files and folders
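
Because BypassAccessCheck removes the permission check for every visitor, the upload handler itself has to decide what may be stored. The following is an added example, not part of the original How To or of EPiServer: the class name AnonymousUploadPolicy, the allowed extensions and the size limit are assumptions, and only .NET base class library calls are used.

```csharp
using System;
using System.Collections.Generic;
using System.IO;

// Hypothetical helper (not an EPiServer API): vets an anonymous upload
// before anything is written into uploadDirectory.
public static class AnonymousUploadPolicy
{
    // Assumed policy values; adjust to what the site actually needs.
    private static readonly HashSet<string> AllowedExtensions =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { ".jpg", ".png", ".pdf" };

    private const long MaxBytes = 2 * 1024 * 1024; // 2 MB

    // Returns the server-generated name to store the file under,
    // or throws ArgumentException if the upload is rejected.
    public static string GetSafeFileName(string clientFileName, long contentLength)
    {
        if (clientFileName == null || clientFileName.Trim().Length == 0)
            throw new ArgumentException("Missing file name.");

        if (contentLength <= 0 || contentLength > MaxBytes)
            throw new ArgumentException("File is empty or exceeds the size limit.");

        // Some browsers send a full client-side path; keep the last segment only.
        string name = clientFileName.Substring(
            clientFileName.LastIndexOfAny(new[] { '/', '\\' }) + 1);

        if (name.Length == 0 || name.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
            throw new ArgumentException("File name contains illegal characters.");

        // Only the final extension is kept, so "page.aspx.jpg" is stored as "<guid>.jpg".
        string extension = Path.GetExtension(name);
        if (!AllowedExtensions.Contains(extension))
            throw new ArgumentException("File type is not allowed.");

        // A generated name stops visitors from overwriting each other's files
        // and from choosing the name the file is served under.
        return Guid.NewGuid().ToString("N") + extension.ToLowerInvariant();
    }
}
```

Call GetSafeFileName with the posted file's name and length, and use the returned name when writing the file into uploadDirectory.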