I have set up roles authorization on my asp.net 2.0 website and its not working properly. The web.config is set up so that only users in the admin role can see the pages. However anyone can see the pages.
If i use Roles.IsUserInRole to see if the logged in user is in admin or not I get the correct answer of true/false as i would expect. It's the settings in the web.config that dont seem to be working.
Here is the web.config
<deny users="?" />
<allow roles="Admin" /> <------it makes no difference what i put here, anyone role can see all pages
<roleManager enabled="true" defaultProvider="SqlRoleProvider">
Any help is much appreciated. I need to get this working and I have no idea what's wrong
thanks a lot