I wrote my own membership provider for the most part it works. However I have added some folders now that I would like to block based on the role that user is in. I can authenticate the user and get my role from the database with the following code. I also know how to block or allow roles in the web.config file <deny roles="Technician" /> but I don't know how to put it all together. How do I block users not in the roll from entering a folder in my asp.net code?

VB Code:
  1. Dim myName, myPass, myRole As String
  2.     Protected Sub OnAuthenticate( _
  3.         ByVal sender As Object, _
  4.         ByVal e As AuthenticateEventArgs)
  5.  
  6.         CheckAuth(logInControl.UserName, logInControl.Password)
  7.         If ( _
  8.             String.Compare(logInControl.UserName, myName, True) = 0) AndAlso ( _
  9.             String.Compare(logInControl.Password, myPass, True) = 0) Then
  10.             e.Authenticated = True
  11.         Else
  12.             e.Authenticated = False
  13.         End If
  14.     End Sub
  15.     Protected Sub CheckAuth(ByVal name As String, ByVal pass As String)
  16.         Dim con As New SqlConnection( _
  17.             ConfigurationManager.ConnectionStrings("myApp").ConnectionString)
  18.         Dim cmd As New SqlCommand
  19.         Dim dr As SqlDataReader = Nothing
  20.         cmd = con.CreateCommand
  21.         cmd.CommandText = ( _
  22.             "SELECT UserName, PassWord, Role " & _
  23.             "FROM Users Where UserName = '" & name & _
  24.             "' and " & " password= '" & pass & "'")
  25.         Try
  26.             con.Open()
  27.             dr = cmd.ExecuteReader
  28.             If dr.HasRows Then
  29.                 While dr.Read
  30.                     myName = CStr(dr("UserName"))
  31.                     myPass = CStr(dr("PassWord"))
  32.                     myRole = CStr(dr("UserRole"))
  33.                 End While
  34.             Else
  35.                 myName = "nope"
  36.                 myPass = "nope"
  37.             End If
  38.         Catch ex As Exception
  39.             Response.Write(ex.ToString)
  40.         End Try
  41.     End Sub