I'm "playing around" with an application because support of it is going to be turned over to our department from another department.

I loaded the solution in Visual Studio and I am walking through it and something odd is happening. It is trying to read the authorization section of system.web via these calls:
Code:
    AuthorizationSection auth = WebConfigurationManager.GetSection("system.web/authorization") as AuthorizationSection;
    if (auth != null)
    {
        foreach (AuthorizationRule rule in auth.Rules)
        {
            if (rule.Action.ToString().ToUpper() == "ALLOW")
            {
                if (rule.Roles.Count > 0)
                    if (rule.Roles.ToString().ToUpper() == userRole.ToUpper())
                        allowAccess = true;
            }
        }
    }
It is not setting allowAccess = true because Roles.Count = 0. However, I am stumped before that part because I don't *see* an authorization section in system.web in my web.config file. But apparently it's finding one, because it hits this test: rule.Action.ToString().ToUpper() == "ALLOW", and that's true. Is there somewhere else it could be looking? I am looking at the web.config file in Visual Studio - I assume that's what it must be using. Thanks.