Which part of the config.Web file contains the list of users who are permitted access?

Explanation

The 'authorization' section in the config.Web file is where the list of permitted users is maintained. The 'securityPolicy' and 'authentication' sections serve different purposes and do not store authorized user lists.