You are creating an ASP.NET Web site. The site contains pages that are available to anonymous
users. The site also contains a page named Premium.aspx that provides premium content to only
members of a group named Subscribers. You need to modify the web.config file to ensure that
Premium.aspx can be accessed by only members of the Subscribers group. Which configuration
should you use?

A.
<location path=”Premium.aspx”>
<system.web>
<authorization>
<allow users=”Subscribers”/>
<deny users=”*”/>
</authorization>
</system.web>
</location>

B.
<location path=”Premium.aspx”>
<system.web>
<authorization>
<allow roles=”Subscribers”/>
<deny users=”*”/>
</authorization>
</system.web>
</location>

C.
<location path=”Premium.aspx”>
<system.web>
<authorization>
<allow roles=”Subscribers”/>
<deny users=”?”/>
</authorization>
</system.web>
</location>

D.
<location path=”Premium.aspx”>
<system.web>
<authorization>
<deny users=”*”/>
<allow roles=”Subscribers”/>
</authorization>
</system.web>
</location>

Explanation:
CHAPTER 13 Implementing User Profiles, Authentication, and Authorization
Lesson 2: Using ASP.NET Membership

Restricting Access to ASP.NET Websites, Files, and Folders – Controlling Authorization for Folders and
Files by Using .config Files (page 819)