In particular, we created a page that listed the contents of the current directory.
Anyone could visit this page, but only authenticated users could view the files' contents and only Tito could delete the files.
Following that, we will look at using declarative and programmatic means for altering the data displayed and the functionality offered by an ASP. Or we could dictate that only users Tito and Bob were allowed, or indicate that all authenticated users except for Sam were permitted.
It then examines how to apply role-based URL authorization rules. When using forms authentication, an authentication ticket is used as an identity token.Technically, I didn't need to specify values for these attributes since I just assigned them to their default values, but I put them here to make it explicitly clear that I am not using persistent cookies and that the cookie is both encrypted and validated. Henceforth, the Roles framework will cache the users' roles in cookies.