Following that, we will look at using declarative and programmatic means for altering the data displayed and the functionality offered by an ASP. Or we could dictate that only users Tito and Bob were allowed, or indicate that all authenticated users except for Sam were permitted.
The default value is "/", which informs the browser to send the authentication ticket cookie to any request made to the domain. The default value is an empty string, which causes the browser to use the domain from which it was issued (such as The good news is that the tools at our disposal for applying authorization rules work equally well with roles as they do for user accounts.URL authorization rules can specify roles instead of users.For more information on this security recommendation, as well as other security concerns, refer to the Security Question List for ASP. parameter, as this parameter indicates that the user arrived at the login page after attempting to view a page he was not authorized to view.Figure 4: Only Users in the Administrators Role Can View the Protected Pages (Click to view full-size image) Log off and then log in as a user that is in the Administrators role.