If i clearly understand your question, your question is about security
rights...

Web.Config's authorization section is interpreted line by line...

Look at this line

<authorization>
<allow roles="ADMIN"></allow>
<allow users="*"/>
<deny users="?"/>
</authorization>

Just reorder allow/deny tags like following:

<authorization>
<deny users="?"/>
<allow roles="ADMIN"></allow>
</authorization>


--

Thanks,
Yunus Emre ALPÖZEN
BSc, MCAD.NET

"Niyaz via .NET 247" <anonymous@dotnet247.com> wrote in message
news:unVz9oUWFHA.3676@TK2MSFTNGP10.phx.gbl...
I am having an issue, I don't know whether it is my machine or the setting
of my project.

I am using form authentication and following is a piece of my web.config
file.

<location path="Protected">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="Protected/Admin">
<system.web>
<authorization>
<allow roles="ADMIN"></allow>
<allow users="*"/>
<deny users="?"/>
</authorization>
</system.web>
</location>

When I login, it bring up a ~/Protected/Main.aspx page. On Main.aspx, I have
button which Response.Redirects to ~/Protected/Admin/UserList.aspx page.
When I click the button for UserList.aspx, it redirect the page to
UserList.aspx page but the URL remains ~/Protected/Main.aspx, also the code
behind is of Main.aspx. This is causing lots of confusion and issue. I have
given all the rights to wwwroot and to Proctected/Admin.

Any Help in would be highly appreciated. There is no help on this issue, I
am searhing for last 4 days on this issue. Please help.

Thanks,
Niyaz.

-----------------------
Posted by a user from .NET 247 ([url]http://www.dotnet247.com/[/url])

<Id>fnYFJRyxnUG04I9GW85ZWw==</Id>