ASP.NET Authentication doesn't work

Question

Hello everyone,

I'm learning how to use the asp authentication, and I have created a test project for it. I have the Default page, the Login page and a Test folder with a Default page inside.

I want that Default page accesible for everyone (so, without authentication) and the "Test/Default.aspx" private. My "Web.config" is like this:

<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0"&gt;
    <system.web>
    <authentication mode="Forms">
        <forms loginUrl="Logon.aspx" name=".ASPXFORMSAUTH" >
        </forms>
    </authentication>
    <authorization>
        <allow users="*" />
    </authorization>

    </system.web>

    <location path="Empresas">
    <system.web>
        <authorization>
            <deny users="?" />
        </authorization>
    </system.web>
    </location>
</configuration>

This way, when I access to the Test/Default.aspx page, I can enter even without authorization, and I don't know why. However, if I change "deny users=?" for "deny users=*", then I can't access even when I am authenticated, so the location tag is working correctly.

I change the password every time, just in case it was a cookies problem, but it isn't.

QUESTION: What is wrong in my web.config, or what do I have to do to create some pages privated?

Thank you very much in advance

Answer 1

how about allow users="?" i.e. allow authenticated users