I want to maintain different user authorization lists for different environments. I know that connectionstrings can be broken out in an external file with configSource, but how would I do this for the following?
<authorization>
<allow users="someuser1"/>
<allow users="someuser2"/>
<allow users="someuser3"/>
<deny users="*"/>
</authorization>
Use a roles provider instead of adding each individual user to your allow list. Then for each environment you specify which group has access:
<!-- Development -->
<authorization>
<allow roles="development"/>
</authorization>
<!-- Q/A-->
<authorization>
<allow roles="test"/>
</authorization>
<!-- Production -->
<authorization>
<allow roles="*"/>
</authorization>