With regard to adding authorization via IIS 7+ I can add an Allow rule via IIS Manager which results in updating the web.config as follows:
<windowsAuthentication enabled="true" />
<add accessType="Allow" roles="Admin" />
Using this example, where is the role of Admin defined? If I were to guess it would be Microsoft Active Directory.
My web application, written in Visual Basic ASP.NET, uses forms based authentication and the <location> tag in web.config to govern access to most of the website. However, this application also contains classic ASP scripts which are not governed by ASP.NET since classic ASP is not managed code. It is for this reason I surmised using IIS authentication and authorization.
But I don't know where the role and user names are defined to which IIS authorization references.
Any assistance would be most appreciated.