web.config secure one file: can you use AD distribution groups?

I have the following in my web.config:

<location path="DeleteJob.aspx">
    <system.web>
      <authorization>
        <allow roles ="MyDomain\PointOne Team"/>
        <allow roles ="MyDomain\PointOne Schedulers"/>
        <deny users = "*"/>
      </authorization>
    </system.web>
</location>

The problem is, the people in the "PointOne Team" still can't access the DeleteJobs.开发者_运维百科aspx page.

Is that because the "PointOne Team" is a "Distribution Group" in AD, and not a "Security Group"?

Thanks!

---

Distribution groups are intended to be used solely as email distribution lists. These lists are for use with email applications such as Microsoft Exchange or Outlook.

As a generic rule, you can't use distribution groups to assign permissions on any objects, whatsoever. This includes pages inside an asp.net web application.

If you need to set permission, create a security group with the necessary people in it. As an alternative, you might consider converting the distribution group to a security group, if you are not using it for distribution purposes anyway.