I find myself on an assignment where I could not use System.Web.Security.Roles.  That meant that I could not use Visual Studio's Website | ASP.NET Configuration.  I had to go about things another way.  The clues were in these two websites:

• http://www.csharpaspnetarticles.com/2009/02/formsauthentication-ticket-roles-aspnet.html
• http://msdn.microsoft.com/en-us/library/b6x6shw7(v=VS.71).aspxhttp://msdn.microsoft.com/en-us/library/b6x6shw7(v=VS.71).aspx

You can set in your web.config the restrictions on folders without having to set the restrictions in multiple folders through their own web.config file.  In my main default.aspx file in my protected subfolder off my main site, I did the following code due to MultiFormAuthentication (MFA) providing the security to this point:

        string role = string.Empty;
 

        if (((Login)Session["Login"]).UserLevelID > 3)
        {
            role = "PowerUser";
        }
        else
        {
            role = "Newbie";
        }

 
        FormsAuthenticationTicket ticket = 
            new FormsAuthenticationTicket(
                1,
                ((Login)Session["Login"]).UserID,
                DateTime.Now,
                DateTime.Now.AddMinutes(20),
                false,
                role,
                FormsAuthentication.FormsCookiePath);

 
        string hashCookies = FormsAuthentication.Encrypt(ticket);
        HttpCookie cookie = 
            new HttpCookie(FormsAuthentication.FormsCookieName, hashCookies);
        Response.Cookies.Add(cookie);

This all gave me the ability to change restrictions on folders without having to restart the website or having to do any hard coding.