I'm building a page that should only be visible to administrators on the web server. The standard prescription for this is:
<system.web>
<identity impersonate="true" />
<authorization>
<allow roles="BUILTIN\Administrators" />
<deny users="*" />
</authorization>
</system.web>
but when User Access Control (UAC) is enabled on the server, ASP.NET pretends that no users are in the Administrators group. Even when I impersonate a user, that user's list of groups does not include the Administrators group.
How then should I be adding this kind of security to my page?