The easiest way to do authorization and role based security testing in web applications, was to switch on basic authentication in IIS and embed user/password in the URL. I have not for a couple yea…