Asp.net Authorization: Location and IPrincipal.IsInRole

Scenario

I use a custom IPrincipal and IIdentity for ASP.NET authorization. I set the Principal and Identity during the PostAuthenticateRequest event using an IHttpModule.

Web.config looks something like this:

<system.web>
  <authorization>
    <allow verbs="GET,POST" roles="domain\group"/>
    <deny verbs="*" users="*"/>
  </authorization>
</system.web>
<location path="~/admin/user_search.aspx">
  <system.web>
    <authorization>
      <allow verbs="GET,POST" roles="admin"/>
      <deny verbs="*" users="*"/>
    </authorization>
  </system.web>
</location>

Problem

When the request is executed, the IPrincipal.IsInRole method is called once to check domain\group, but it is not called again to check the admin role. What causes this? Do I have the location syntax wrong, or is there a deeper problem?

Notes

Initially, I thought that the web.config in the admin directory overrides the web.config file in the root directory, but I tried to delete it altogether and also use it for the location element. Still not working.

+3
1

(~) <location> , . = "admin/user_search.aspx".

+3
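An added example, not part of the original question or answer: a small Python model of first-match URL authorization, run over a constructed copy of the question's web.config, showing which roles get checked when the location path carries the ~/ prefix and when it is written as admin/user_search.aspx. The literal path comparison, the rules and authorize helpers and the sample role sets are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed copy of the question's web.config, wrapped in a root element.
CONFIG = r"""<configuration>
  <system.web><authorization>
    <allow verbs="GET,POST" roles="domain\group"/>
    <deny verbs="*" users="*"/>
  </authorization></system.web>
  <location path="{path}"><system.web><authorization>
    <allow verbs="GET,POST" roles="admin"/>
    <deny verbs="*" users="*"/>
  </authorization></system.web></location>
</configuration>"""

def _csv(rule, attr):
    return [v.strip() for v in rule.get(attr, "").split(",") if v.strip()]

def rules(node):
    """(action, verbs, roles, users) for each rule under node, in file order."""
    return [(r.tag, _csv(r, "verbs"), _csv(r, "roles"), _csv(r, "users"))
            for r in node.findall("system.web/authorization/*")]

def authorize(xml_text, request_path, verb, user_roles):
    """Hypothetical helper: first matching rule wins. Returns (decision, roles_checked)."""
    root = ET.fromstring(xml_text)
    chain = []
    for loc in root.findall("location"):
        # Assumption: the path attribute is compared literally with the
        # app-relative request path, so "~/admin/x.aspx" never equals "admin/x.aspx".
        if loc.get("path", "").lower() == request_path.lower():
            chain += rules(loc)  # location-specific rules are evaluated first
    chain += rules(root)
    checked = []
    for action, verbs, roles, users in chain:
        if verbs and "*" not in verbs and verb not in verbs:
            continue  # rule does not apply to this HTTP verb
        hit = "*" in users  # only users="*" and roles are modelled here
        for role in roles:
            checked.append(role)  # stands in for a call to IPrincipal.IsInRole(role)
            hit = hit or role in user_roles
        if hit:
            return action, checked
    return "allow", checked  # no rule matched: ASP.NET's root configuration allows by default

if __name__ == "__main__":
    member = {r"domain\group"}  # constructed user: in domain\group, not in admin
    for p in ("~/admin/user_search.aspx", "admin/user_search.aspx"):
        print(p, authorize(CONFIG.format(path=p), "admin/user_search.aspx", "GET", member))
```

With the ~/ path the location block never applies, so the admin page is decided by the root rule alone and only domain\group is checked; with the relative path the admin rule is evaluated first.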

Source: https://habr.com/ru/post/1703784/

