Table 1. Modifications Required for web.config

Table 1. Modifications Required for web.config

Replace the code in this section:

with this code:

<!-- Require authorization for all -->
<!-- files in the "member" folder -->

<location path="members">
   <system.web>     
      <authorization>
         <deny users="?" />
      </authorization>
     </system.web>
</location>

<!-- Require authorization for all files -->
<!-- in the "manager" folder -->

<location path="manager">
   <system.web>     
      <authorization>
         <allow roles="manager" />
         <deny users="*" />
      </authorization>
     </system.web>
</location>

<!-- Require authorization for -->
<!-- all files in the -->
<!-- "member" subdirectory. -->
<!-- Note the multiple -->
<!-- values for the <allow -->
<!-- roles> tag. This allows -->
<!-- a person logged in as a -->
<!-- manager to see the -->
<!-- member pages too. -->

<location path="members">
   <system.web>     
      <authorization>
         <allow roles="member, manager" />
         <deny users="*" />
      </authorization>
     </system.web>
</location>