asp.net, web-config, authorization, asp.net-membership, user-roles

Multiple role based folder authorization in asp.net web.config


In my application I have multiple folders, each of which has multiple web pages. I am using ASP.NET membership identity for authentication. I have designed different folders for different tasks. Every folder has its own web.config file, which is used to give users role-based access to the folder, and some users have multiple roles.

In some folders a user should have multiple roles to access that folder.

Basically, in the web.config file <allow roles="Admin, HR"/> provides access to either Admin or HR.

But my concern is that if a specific user has both roles then he will have access to that folder; neither Admin nor HR have access to that folder.


Solution

  • Please see if this helps:

    <configuration>
      ...
      <location path="restrictedPages">
        <system.web>
          <authorization>
            <allow roles="Admin"/>
            <deny users="*"/>
          </authorization>
        </system.web>
      </location>
      <location path="restrictedPages">
        <system.web>
          <authorization>
            <allow roles="HR"/>
            <deny users="*"/>
          </authorization>
        </system.web>
      </location>
      ...
    </configuration>
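Added example, not part of the original answer: since a single `<allow roles="Admin, HR"/>` rule matches a user holding either role, one way to require both roles is a check in Global.asax that runs on every request to the folder. The folder name `restrictedPages` and the role names come from the page; the `Global` class, the `HasAllRoles` helper and the 403 response are assumptions made for this sketch.

```csharp
// Global.asax.cs (added example, not the answerer's code)
using System;
using System.Linq;
using System.Security.Principal;
using System.Web;

public class Global : HttpApplication
{
    // Folder and role names taken from the question and answer above.
    private const string RestrictedPrefix = "~/restrictedPages/";
    private static readonly string[] RequiredRoles = { "Admin", "HR" };

    // Hypothetical helper: true only when the user is authenticated
    // and is a member of every role in the list (AND, not OR).
    internal static bool HasAllRoles(IPrincipal user, string[] roles)
    {
        return user != null
            && user.Identity != null
            && user.Identity.IsAuthenticated
            && roles.All(user.IsInRole);
    }

    // Wired automatically by name to the AuthorizeRequest event, which
    // fires after authentication has populated Context.User.
    protected void Application_AuthorizeRequest(object sender, EventArgs e)
    {
        // App-relative path of the request, e.g. "~/restrictedPages/page.aspx".
        string path = Request.AppRelativeCurrentExecutionFilePath;
        if (!path.StartsWith(RestrictedPrefix, StringComparison.OrdinalIgnoreCase))
        {
            return; // not under the restricted folder; other rules apply
        }

        if (!HasAllRoles(Context.User, RequiredRoles))
        {
            // Holding only Admin or only HR is not sufficient.
            Response.StatusCode = 403;
            CompleteRequest(); // skip the handler and end the request
        }
    }
}
```

The folder's own web.config rule (`<allow roles="Admin, HR"/>` followed by `<deny users="*"/>`) can stay in place as a first gate, with this check narrowing access to users who hold both roles.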