This How To provides a code example which implements a scenario where anonymous visitors can create page folders and files in the EPiServer File Management System.

Get the page folder ID:

CopyC#
int folderId = (int)CurrentPage.Property["PageFolderID"].Value;

Get the root directory for page folders:

CopyC#
string pageDirectoryRootVirtualPath = VirtualPathHandler.PageDirectoryRootVirtualPath;

VersioningDirectory pageRootDirectory = (VersioningDirectory)HostingEnvironment.VirtualPathProvider.
                                        GetDirectory(pageDirectoryRootVirtualPath);

Combine the root path with folder name and get directory:

CopyC#
string virtualPathFromFolderId = VirtualPathUtility.Combine(
    pageDirectoryRootVirtualPath, VirtualPathUtility.AppendTrailingSlash(folderId.ToString()));

UnifiedDirectory pageDirectory = HostingEnvironment.VirtualPathProvider.
    GetDirectory(virtualPathFromFolderId) as UnifiedDirectory;

Bypass security and Create page folder if needed:

CopyC#
if (pageDirectory == null)
{
    pageRootDirectory.BypassAccessCheck = true;
    pageDirectory = pageRootDirectory.CreateSubdirectory(folderId.ToString(), CurrentPage);
}

Creating a Folder Inside a Page Folder

The same strategy can be applied to create a folder inside a page folder. Get or create an upload folder a in page folder:

CopyC#
string uploadPath = VirtualPathUtility.AppendTrailingSlash(Path.Combine(pageDirectory.VirtualPath, "upload"));

UnifiedDirectory uploadDirectory = (UnifiedDirectory)HostingEnvironment.VirtualPathProvider.GetDirectory(uploadPath);

if (uploadDirectory == null)
{
    pageDirectory.BypassAccessCheck = true;
    uploadDirectory = pageDirectory.CreateSubdirectory("uploadDirectoryName");
}

Finally turn on BypassAccessCheck to allow everyone to upload:

CopyC#
uploadDirectory.BypassAccessCheck = true;

return uploadDirectory;

You can set the BypassAccessCheck property on files and folders