1. Add a new Web.config file into the directory that you want to control access. For example, I
put a config file into the Admin folder.
2. Modify the Web.config file to include the following statements:
1 <?xml version="1.0"?>
2 <configuration>
3 <system.web>
4 <authorization>
5 <allow roles="Administrator"/>
6 <deny users="*"/>
7 </authorization>
8 </system.web>
9 </configuration>
3. In the Web.siteMap file, add the following line. By adding "Administrator" as the roles for that particular web page, an admin login will display the "Admin Page" but not the "Game Page".
1 <?xml version="1.0" encoding="utf-8" ?>
2 <siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
3 <siteMapNode url="default.aspx" title="Home" description="" roles="Administrator, Agent">
4 <siteMapNode url="~/Admin/test1.aspx" title="Admin Page" description="" roles="Administrator"/>
5 <siteMapNode url="~/Game/test2.aspx" title="Game Page" description="" roles="Agent"/>
6 </siteMapNode>
7 </siteMap>