Asp.net webform & roled based permission for different folders -

i have following folder structure in asp.net webform application.

_adminuser _moderatoruser _employeeuser images js css ckeditor app_code errorpages default.aspx news.aspx article.aspx 

so far had 1 type of user used edit contents of website. used authorise users , redirect authorised user folder '_adminuser'

can make changes site.

and below code in web.config enough me work without issue.

    <authentication mode="forms">       <forms loginurl="~/_login.aspx" timeout="2880"/>     </authentication>    <location path="_adminuser">     <system.web>       <authorization>         <deny users="?"/>       </authorization>     </system.web>   </location>   <location path="ckeditor">     <system.web>       <authorization>         <deny users="?"/>       </authorization>     </system.web>   </location> 

in new project have create 3 different types of users

1. admin user (who super user & can have access files in different folder )
2. moderator user (this type of user can have access files in folder _moderatoruser & other general foleder no access _adminuser or _employeeuser )
3. employee user (this type of user can have access files in folder _employeeuser& other general folder no access to_adminuseror_employeeuser` )

in order achieve have create 3 types of roles admin , moderator , employee. when create new user assign specific role , want each role have access different folder described above.

but not sure how can modify web.config file can achieve kind of role based permission. have been looking such tutorial no luck far. other tutorial looked @ doesn't seem address problem. appreciate pointer in right direction.

i assume use asp.net membership , role provider. if so, need separate web.config in each folder restrict permission.

web.config inside admin folder

the following web.conf setting (located inside admin folder) allows users in admin role accessing files inside admin folder. other users cannot access files.

<?xml version="1.0" encoding="utf-8"?> <configuration>   <system.web>     <authorization>       <allow roles="admin" />       <deny users="*" />     </authorization>   </system.web> </configuration>