I am trying to check if a user has access to a specified location in ASP.NET web forms. The web.config file in a subfolder is defined using:
<!-- this is located in a subfolder --><?xml version="1.0"?><configuration><system.web><authorization><deny users="?"/></authorization></system.web><location path="page.aspx"><system.web><authorization><deny roles="SOME_ROLE" /><allow users="*" /></authorization></system.web></location></configuration>Trying to open the location when logger when logged in as user in this role correctly redirects me to the login screen, so the config seems to be correct.
However, when I call UrlAuthorizationModule.CheckUrlAccessForPrincipal for this page, it always returns true (as long as any user is signed in, regardless of role).
How do I check access for a location in a subfolder?