Rolemanager not working properly

My rolemanager in c# is not working as I want it to.

When starting my site, an loggin page is started. And when logged in, redirects you to Default.aspx

var username = (string)Session["username"];
    Login1.LoggedIn += (ee, ff) =>
    {            
        Session.Add("username", Login1.UserName);  
        Response.Redirect("Default.aspx");
}

My masterpage checks if session is null then go to Login.aspx

if (Session["username"] == null)
{
Response.开发者_开发百科Redirect("Login.aspx");
return;
}`

I have 2 diffrent roles "admin" and "vip".

So if the user is in the role "admin" grant access to the specific aspx site else dont!.

     if (User.IsInRole("admin"))
       {
          Response.Redirect("Test.aspx");
      } else if (User.IsInRole("vip")) {
         Response.Redirect("Default.aspx");
       }`

Still it does not matter who is logged in, it still grants access to Test.aspx

My webconfig file:

<system.web>
  <authorization>
   <allow roles="admin" />
  </authorization>`

Hope someone is understands my "small" problem

---

try giving deny users also in web.config like :

<system.web>
<authorization>
<allow roles="admin" />
<deny users="*" />
</authorization>`