This literally says
<allow users="?"/>
<deny users="*"/>
Allow all anon users and deny everyone.
In any event, I would create a second web.config in my admin directory with this code:
<configuration>
<system.web>
<authentication mode="Forms"/>
<forms name="login" loginUrl="login.aspx" />
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</configuration>
Also take a look at these URLs
http://www.codeproject.com/aspnet/Fo...nAuthorizn.asp
http://msdn2.microsoft.com/en-us/library/wce3kxhd.aspx
hth
================================================== =========
Read this if you want to know how to get a correct reply for your question:
http://www.catb.org/~esr/faqs/smart-questions.html
================================================== =========
.: Wrox Technical Editor :.
Wrox Books 24 x 7
================================================== =========