You need to include the location element in the Web.config file. For example in my case, I have deny=?
for anonymous users which takes everyone to the login.aspx. But whithin login.apx I have a link to the Register.aspx. So to allow
access to Register.aspx I have to include a location element in the root web.config file.

snippet from root's Web.config file.

<authentication mode="Forms">
	<forms name="frmLogin" loginUrl="Users/Login.aspx" timeout="30"></forms>
</authentication>
<authorization>
     <deny users="?" />
</authorization>
</system.web> <!-- Comes after the roots systeb.web tag -->
 <location path="Users/Register.aspx">
	<system.web>
		<authorization>
			<allow users="*" />
		</authorization>
	</system.web>
</location>	

> Root of the site has Forms auth. Works perfect. Al users form the "MIS" 
r> ole have access to the pages.
I>  need to add a subFolder where only "Sales" users have access.
T> his is where I get the error.
I>  created the subFolder in the file system under the root for my project
(> C:\Inetpub\wwwroot\AELookup_v2\SalesOnly)
I>  went into IIS and made SalesOnly a virtual (one thing, I am using Win2k
P> ro, so AELookup_v2 is a VD of the Default Web Site)
I>  added the web.Config to that folder
a> nd Boom, error after error.
A> ll the docs that I can find are for Root with no security and Subs with. I
n> eed subs with different levels

> I hope you can help me out here.... sample code (web.config) appreciated.