This is done by <Location> tag in Web.Config file.
Listing 3
<location path="ADMIN">
<system.web>
<authorization>
<allow roles="ADMIN"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Publishers">
<system.web>
<authorization>
<allow roles="PUBLISHER,ADMIN"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
The above setting will restrict users trying to access the
Admin section and Publisher section until they are part of that role and allow
users who are already part of the roles.