You can assign a set of permissions to a group of people. You do so in two steps: first, you assign permissions to a role, and then you assign users to the roles you’ve created. Any given user may be in more than one role (for example, administrator and manager). The permissions you assign to each role may determine access to a page, or it may determine the content of a given page displayed to members of that role.

Creating a New Application with RolesTo demonstrates how to create roles and assign users to those roles; you’ll need to create a new application, setting the appropriate IIS configuration. In the previous exercise, you created the directory for your application before you created the application itself. To see that there is more than one way to accomplish creating the relationship between physical and virtual directories, let’s reverse the order.

Start by creating a new web site from within VS2005 and naming it ASPSecurityRoles.

Find the directory in which the Default.aspx page is held by clicking on the page in Solution Explorer and looking at the Properties window. Use the IIS administrator to create a virtual directory and call it ASPSecurityRoles that points to that physical directory. Right-click on the virtual directory and select properties.

Click the ASP.NET tab and then click the Edit Configuration button (as you did in the previous exercise). Again, click the Authentication tab and set Forms authentication, but this time check the ...