Hi,
I worked on an application for 5 months, and there are different levels of user access to the system, like Administrator, Staff, Student, etc. I used forms-based authentication, created a different directory for each user type, and then set each role's access in web.config as follows:
<location path="Admin">
  <system.web>
    <authorization>
      <allow roles="ADMIN"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>
<location path="Agent">
  <system.web>
    <authorization>
      <allow roles="AGENT"/>
      <allow roles="AGENTADMIN"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>
This way Admin only has access to the Admin folder's content, Agent has access to the Agent folder's content, and so on. But now the client wants the admin to assign who can access which function of the system, so that they can change the access level on a role-by-role basis. For example, at the moment financial info is only available to the ADMIN role, and hence is in the Admin folder, but now the admin wants to give access to that function to the STAFF role as well. This is just an example; there can be many more scenarios like this.
What is the best way to tailor the system now to allow ADMIN to give access to a specific function to a specific role?
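One way to express the requirement described above is a per-function permission check with deny-by-default, shown here as an added example that is not part of the original post. The class name `FunctionAccess`, the function name `FinancialInfo` and the in-memory store (standing in for a database table) are assumptions; the role names come from the post.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Hypothetical helper (not from the post): function name -> roles allowed to use it.
// The in-memory dictionary stands in for a table that an ADMIN screen would edit.
public static class FunctionAccess
{
    private static readonly object Sync = new object();
    private static readonly Dictionary<string, HashSet<string>> RolesByFunction =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase);

    // Called from the admin screen to grant (allowed = true) or revoke access.
    public static void SetAccess(string function, string role, bool allowed)
    {
        lock (Sync)
        {
            HashSet<string> roles;
            if (!RolesByFunction.TryGetValue(function, out roles))
                RolesByFunction[function] = roles = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
            if (allowed) roles.Add(role); else roles.Remove(role);
        }
    }

    // Deny by default: anonymous users and functions with no grants get no access.
    public static bool IsAllowed(IPrincipal user, string function)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated) return false;
        lock (Sync)
        {
            HashSet<string> roles;
            if (!RolesByFunction.TryGetValue(function, out roles)) return false;
            foreach (string role in roles)
                if (user.IsInRole(role)) return true;
            return false;
        }
    }

    public static void Main()
    {
        // Constructed sample user holding only the STAFF role.
        var staff = new GenericPrincipal(new GenericIdentity("sample.staff"), new[] { "STAFF" });
        SetAccess("FinancialInfo", "ADMIN", true);
        Console.WriteLine(IsAllowed(staff, "FinancialInfo"));
        SetAccess("FinancialInfo", "STAFF", true);
        Console.WriteLine(IsAllowed(staff, "FinancialInfo"));
    }
}
```

The check has to run on the server for every request to the function, using the current request's principal, and the call to `SetAccess` itself has to be restricted to the ADMIN role.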