解决办法：

打开editor/filemanager/connectors/aspx/config.ascx修改CheckAuthentication()方法，返回true

C# code

private bool CheckAuthentication()
{
// WARNING : DO NOT simply return "true". By doing so, you are allowing
// "anyone" to upload and list the files in your server. You must implement
// some kind of session validation here. Even something very simple as...
//
//        return ( Session[ "IsAuthorized" ] != null && (bool)Session[ "IsAuthorized" ] == true );
//
// ... where Session[ "IsAuthorized" ] is set to "true" as soon as the
// user logs in your system.

        return true;
}

随便看了一下config.ascx里的内容，发现如果想让对每个用户进行不同的配置，FCKeditor支持的更好了。

不要改成return true.
在登录时加入
Session[ "IsAuthorized" ]　＝　true;
去掉
// return ( Session[ "IsAuthorized" ] != null && (bool)Session[ "IsAuthorized" ] == true );
前的注释。不然任何人都可以上传文件。