
Allow Users not allowing user


I created a role in the asp.net configuration tool - Admin

I created a user - John

In my project I created a folder called "Admin" with a file called "admin.aspx"

I added "admin.aspx" to my web.sitemap file

<siteMapNode url="~/Admin/admin.aspx" title="Admin" description="Admin" roles="Admin"/>

I then added a web.config to the "Admin" folder 

<?xml version="1.0"?>
<configuration>
  <system.web>
    <authorization>
      <allow users="Admin"/>
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>

When I log in as John I can see the link to admin.aspx but when I click on the link I get redirected to login.aspx because I don't have rights to view that page

So I checked if I was logged in as an Admin

User.IsInRole("Admin").ToString() + " " + User.Identity.IsAuthenticated.ToString()

Which returned true true.

As a test I changed the web.config in the "Admin" folder to

<allow users="User"/>

And users with the role of "User" can see the page.

I'm confused
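
An added example, not part of the original post: a simplified Python model of how ASP.NET URL authorization evaluates the `<authorization>` rules shown above, where the first matching rule decides, `users` is compared with the login name and `roles` with role membership. The function names, the case-insensitive comparison and the fall-through default are assumptions of this model, not ASP.NET code.

```python
import xml.etree.ElementTree as ET

# The folder-level rules exactly as posted, and the same rules keyed on roles.
POSTED = '<authorization><allow users="Admin"/><deny users="*"/></authorization>'
BY_ROLE = '<authorization><allow roles="Admin"/><deny users="*"/></authorization>'


def _names(rule, attr):
    """Split a comma-separated users/roles attribute into lowercase names."""
    return {n.strip().lower() for n in rule.get(attr, "").split(",") if n.strip()}


def rule_matches(rule, user, roles):
    """user is None for an anonymous request; roles is the caller's role list."""
    users = _names(rule, "users")
    if "*" in users:                       # everyone
        return True
    if "?" in users and user is None:      # anonymous only
        return True
    if user is not None and user.lower() in users:
        return True                        # users= is compared with the login name
    # roles= is compared with role membership, never with the login name
    return bool(_names(rule, "roles") & {r.lower() for r in roles})


def is_allowed(config_xml, user, roles=()):
    """Walk the rules top to bottom; the first rule that matches decides."""
    for rule in ET.fromstring(config_xml):
        if rule.tag in ("allow", "deny") and rule_matches(rule, user, roles):
            return rule.tag == "allow"
    return True  # assumption: the inherited default (allow everyone) applies


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("by role", BY_ROLE)):
        print(label, "John with Admin role ->", is_allowed(cfg, "John", ["Admin"]))
```

In this model the posted rules admit only an account whose login name is literally "Admin", so John falls through to the deny rule even though he holds the Admin role.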

