role in web config is not working

See more:

VB

ASP.NET

Hi all,

can someone help me on this problem.it's been a week.i dont know how to solve this..
my login page is reach to human resource table (oracle) then i compare (role) to my own table..

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

        Dim con As New OracleConnection(OracleString)
        con.Open()
        Dim log As String
        log = "Select Distinct J.Emplid, P.Name, " +
        "C.Descr Dept From PS_JOB J, PS_JOB JD " +
        "Where J.Emplid = '" + Request("UID") + "' "
       

        Dim cm As New OracleCommand(log, con)
        cm.Connection = con
        'cm.CommandText = log
        'Dim name As String = DirectCast(cm.ExecuteScalar(1), String)
        'Label1.Text = DirectCast(cm.ExecuteScalar(1), String)
        'cm.ExecuteNonQuery()
        Dim d As OracleDataReader = cm.ExecuteReader()
        d.Read()
        Label1.Text = d.GetString(1)
        Label4.Text = d.GetString(3)

        Session("sEmplid") = d.GetString(0)
        'Dim cm As New OracleCommand()
        'cm.Connection = con
        'cm.CommandText = log
        'Dim id As String = DirectCast(cm.ExecuteScalar(0), String)
        'Label3.Text = DirectCast(cm.ExecuteScalar(0), String)
        Session("sNama") = Label1.Text
        Session("sDept") = Label4.Text
        'Session("sEmplid") = Label3.Text

       
        checkrole()



    End Sub

    Protected Sub checkrole()
        Dim role As String
        Dim con As New SqlConnection(connectionString)
        con.Open()
        If (Session("sEmplid") <> "") Then
            Dim r As String = "Select roles from logs where Emplid = '" + Session("sEmplid") + "'"
            Dim c As New SqlCommand(r, con)
            c.Connection = con
            Dim d As SqlDataReader = c.ExecuteReader()
            d.Read()
            If DBNull.Value.Equals(d("roles")) Then
                Label2.Text = "user"
                role = Label2.Text
                Session("sRole") = role
                Response.Redirect("home.aspx")
            Else
                Label2.Text = d.GetString(0)
                role = Label2.Text
                Session("sRole") = role
                Response.Redirect("home.aspx")
            End If
        Else
            Response.Redirect("login.aspx")

        End If


        If (Session("sRole") = "user" Or Session("sRole") = "manager" Or Session("sRole") = "general" Or Session("sRole") = "master") Then
        
        Response.Redirect("home.aspx")
        Else
        Response.Redirect("login.aspx")
        End If

       
    End Sub

web.config:

<sitemap enabled="true">
            <providers>
                <clear />
                <add sitemapfile="Web.sitemap" name="AspNetXmlSiteMapProvider" type="System.Web.XmlSiteMapProvider" securitytrimmingenabled="true" />
            </providers>
        </sitemap>

        <authentication mode="Forms">
            <forms name ="pageForm" loginUrl="~\login.aspx" defaultUrl="~\home.aspx"></forms>
        </authentication>




    <location path="approval.aspx">
            <system.web>
                <authorization>
                    <allow users="master" />
                    <deny users="*" />
                </authorization>
            </system.web>
        </location>

web.sitemap:

<sitemap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0">
    <sitemapnode roles="*">
        <sitemapnode url="home.aspx" title="Home" description="" />
        <sitemapnode url="status.aspx" title="Status" description="" />
        <sitemapnode title="Approval by GM ISM" description="GM ISM Use Only" url="approval.aspx" />
        <sitemapnode url="logout.aspx" title="Logout" description="" />
    </sitemapnode>


</sitemap>

the problem is; whenever i login (no matter what user id) the menu appear for role user. seems like role master doesnt work at all in web config..please help me..

thanks
musiw.