The FileAuthorizationModule.CheckFileAccessForUser(string, IntPtr, string) method checks to see whether the current user, represented by a Windows access token, is granted access to the requested file in the file-system access-control lists (ACLs). The virtual path is mapped to the physical file-system path before the check is made.

If the HTTP verb used to make the request is GET, POST, or HEAD, the FileAuthorizationModule.CheckFileAccessForUser(string, IntPtr, string) method checks for read access to the file. If any other verb is used, the FileAuthorizationModule.CheckFileAccessForUser(string, IntPtr, string) method checks for read/write permission to the file.

Security Note   If the System.Web.Security.FileAuthorizationModule module is not defined in the httpModules configuration section for the application, the System.Web.Security.FileAuthorizationModule module always returns true.