asp.net security windows-authentication

Windows Authentication not validating Roles


I am trying to limit access for a page like so

<location path="ArticleAdministration.aspx">
  <system.web>
    <authorization>
      <deny users="?"/>
      <allow roles="domain\group"/>
    </authorization>
  </system.web>
</location>

But for some reason, when I log in with a user who does not have access to that group, he is still able to view the page.

Can anyone tell me what is wrong? Please.


Solution

  • Add another rule right below the rule for domain\group: <deny roles="*"/>, or an even more explicit rule: <deny users="*"/>
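
Added example (not part of the original question or answer): a small Python model of how ASP.NET URL authorization evaluates these rules, top to bottom with the first match winning and the root-level default <allow users="*"/> applied last. The function names and the accounts domain\outsider and domain\member are assumptions made for illustration, and only the users and roles attributes are modeled.

```python
import xml.etree.ElementTree as ET

# Root-level default inherited by every ASP.NET application: it is evaluated
# after the page's own rules, so anything they do not match is allowed.
INHERITED_DEFAULT = '<allow users="*"/>'

def parse_rules(authorization_xml):
    """Return [(action, users, roles)]: local rules first, inherited default last."""
    rules = []
    for el in list(ET.fromstring(authorization_xml)) + [ET.fromstring(INHERITED_DEFAULT)]:
        users = [u.strip().lower() for u in el.get("users", "").split(",") if u.strip()]
        roles = [r.strip().lower() for r in el.get("roles", "").split(",") if r.strip()]
        rules.append((el.tag, users, roles))
    return rules

def matches(users, roles, name, user_roles):
    """name is None for an anonymous request; '?' is anonymous, '*' is everyone."""
    if "*" in users:
        return True
    if "?" in users and name is None:
        return True
    if name is not None and name.lower() in users:
        return True
    return any(r.lower() in roles for r in user_roles)

def is_allowed(authorization_xml, name, user_roles=()):
    """The first rule that matches the request decides; later rules are ignored."""
    for action, users, roles in parse_rules(authorization_xml):
        if matches(users, roles, name, user_roles):
            return action == "allow"
    return False  # not reached while the inherited default is present

# The rules from the question, and the same rules with the answer's extra deny.
QUESTION = r'''<authorization>
  <deny users="?"/>
  <allow roles="domain\group"/>
</authorization>'''

FIXED = r'''<authorization>
  <deny users="?"/>
  <allow roles="domain\group"/>
  <deny users="*"/>
</authorization>'''

if __name__ == "__main__":
    for label, cfg in (("question", QUESTION), ("fixed", FIXED)):
        print(label, is_allowed(cfg, r"domain\outsider", [r"domain\other"]))
```

With the question's rules, the authenticated non-member matches neither local rule and is admitted by the inherited default; with the trailing deny, the same request is refused while a member of domain\group is still allowed.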