We have discussed so far how to authenticate a user with forms authentication. This process gives you an identity to authorize against. With Windows authentication, you have both an identity and a list of roles to authorize against. How do you use role mappings with forms authentication to authorize against?
With a little work, you can add roles to the forms authentication model. You will use the web.config in Listing 7.11, which defines the roles that are required for access to various URLs in the application.
<?xml version="1.0" encoding="utf-8" ?> <configuration> <system.web> <authentication ...