authorization problem

[sonu]

Mark is creating a website using ASP.NET. He is using Forms
authentication for authenticating and authorizing users. He has the
following
layout of files and directories in his website:

Root
....File
Manager/
....Files
Employee/
...Files

He wants to configure Forms authentication in such a way that the
following requirements are met:
1. Users with role employee can access web forms, which are either at
root or in Employee folder.
2. Users with role manager can access all the web forms.

For this purpose, he placed Web.config files in Manager and Employee
folder. He has
placed the following code in Web.config file:

Employee/Web.config
<system.web>
<authorization>
<allow roles="employee" />
<deny users="*" />
</authorization>
</system.web>

Manager/Web.config
<system.web>
<authorization>
<allow roles="manager" />
<deny users="*" />
</authorization>
</system.web>

When he runs the application and logins with the manager role, he can
access the web forms that are placed in the Manager folder, but he
cannot access the web forms that are placed in the Employee folder.
What
could be the possible cause of this problem? Please discuss the
authorization element to support your answer.

Please try to find this problem.

Regards
Sonu

 

[Guest]

Will a user in the "Manager" role also be in the "Employee" role? If not,
you need to change the Employee/Web.Config to include access for both roles
e.g.

Employee/Web.config
<system.web>
<authorization>
<allow roles="employee,manager" />
<deny users="*" />
</authorization>
</system.web>