[RESOLVED] system.web authorization

I'm "playing around" with an application because support of it is going to be turned over to our department from another department.

I loaded the solution in Visual Studio and I am walking through it and something odd is happening. It is trying to read the authorization section of system.web via these calls:

Code:

---

                AuthorizationSection auth = WebConfigurationManager.GetSection("system.web/authorization") as AuthorizationSection;
                if (auth != null)
                {
                    foreach (AuthorizationRule rule in auth.Rules)
                    {
                        if (rule.Action.ToString().ToUpper() == "ALLOW")
                        {
                            if (rule.Roles.Count > 0)
                                if (rule.Roles.ToString().ToUpper() == userRole.ToUpper())
                                    allowAccess = true;

---

It is not setting allowAccess = true because Roles.Count = 0. However, I am stumped before that part because I don't *see* an authorization section in system.web in my web.config file. But, apparently it's finding one because it hits this test rule.Action.ToString().ToUpper() == "ALLOW" and that's true. Is there somewhere else it could be looking? I am looking at the web.config file in Visual Studio - I assume that's what it must be using. Thanks.

I'm sorry - there was a comment with that code which should have hit me over the head (because how often are we lucky enough to work with code that's been commented?!) but I just noticed it now:

Code:

---

remember authorization is inherited from other web.configs (outside of app pool as well!)

---

So I will look around for said "other web.configs".

Another developer who was also trying to get this to work on her PC edited the web.config to contain all the roles.

Thanks for listening.