Good Morning,
i'm new in web development and Idon't know allthe tricks.
I have created a web site ( web forms ) with Authorization and Authentication policies for the login to a page called stats.aspx.
I have another page ( createUser.aspx ) where not all users can habe access, but onlyauthorized users. For this scope i have created different Roles and Users in my SQL Database ( i have used the automatic procedure to use the Membership Features ).
I have set in my web.config file that only users that have Roles administrator can access to createUser.aspx .
If i test my application on local ( with visual studio 2012 ) it all works, but when i publish my application on IIS 7.5 also the user that can have the Authorization can access to createUser.aspx .
someone have a solution?
Here a part of my web.config
<system.web><authentication mode="Forms"><forms loginUrl="~/Account/Login.aspx" defaultUrl="~/Forms/Statistiche.aspx" timeout="15" ></forms></authentication><authorization><deny users="?"/><allow users="*"/></authorization></system.web><location path="~/Private" ><system.web><authorization><deny roles="users" users="" verbs=""/><allow roles="amministratore" verbs="" /></authorization></system.web></location>